Friday, September 9th, 2016
Top 5 Predictions: IoT to Web Application Risks
In a recent article, Gartner have presented their top cyber security predictions showcasing the security risks that inevitably come with the progress of technology. I’ve put together 5 major cyber security predictions and important tips that organisations need to be aware of.
1. Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.
The best way to protect a business from serious vulnerabilities is to ensure there is a solid patching strategy in place; fixing these issues will help to stop attackers gaining access. IT professionals should regularly monitor vulnerability announcements, patch and non-patch remediations, and emerging threats that correspond to the software in place. Vulnerability remediations should always be prioritised.
2. By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.
Shadow IT can present serious security risks when unsupported hardware and software are not subject to the same security measures that are applied to supported technologies. What to do? A good exercise is to conduct risk management across your entire organisation on all hardware and software, and to audit the risk of each service and its security controls. Methodologies like ISO 27001 have introduced great risk management tools and security controls to follow.
3. By 2018, the need to prevent data breaches from public clouds will drive 20% of organisations to develop data security governance programs.
This is where regulations like the new EU GDPR come into play. The new General Data Protection Regulation (EU GDPR) brings a more stringent set of regulations for all businesses that store personal information regarding EU residents, which will lead to a wider degree of data protection harmonisation. This will inevitably bring the need to develop comprehensive data governance programs, as companies will now be required to conduct privacy impact assessments, have a data protection officer and notify breaches within 72 hours. If you want to learn more about the new EU GDPR and what it means for your organisation, come along to our breakfast seminar in the Hilton Dublin on October 6th at 7.30am.
4. By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies.
The web application threat landscape is growing massively and understanding the risks when developing, hosting or simply using these applications is crucial.
Enterprises engaged in DevOps should ask themselves these 3 questions:
- How can we identify vulnerabilities that exist in our applications?
- How can we spot security holes due to unpatched or out-of-date applications?
- How can we ensure regulatory compliance?
The answer to these questions is usually a penetration test. Combining manual security testing techniques and code analysis with automated tools is a more effective way of assessing security measures and verifying complex business applications than relying on automated tools alone.
5. By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.
There are many security risks associated with the increasing use of IoT devices, but for the numerous organisations using IoT devices the biggest risk is not realising that they are at risk.
One risk in particular that organisations are not aware of relates to security updates. Many IoT devices have insecure embedded operating systems and associated software devoid of patching functionality. Earlier in this article I mentioned the importance of patching and vulnerability remediation for traditional technology systems; when it comes to IoT, this is just as important. My tip is to never purchase smart devices that do not have simple and effective security patching functionality.