A new report from the Information Security Forum paints a fairly pessimistic picture of enterprises' ability to protect their IT from cybercriminals over the next two years.
The report, Threat Horizons 2018, says the ability of organizations to protect IT is progressively being weakened. Businesses, and society for that matter, are becoming more reliant on complex new technologies to function, which intensifies the threat landscape, the report contends.
"We are having to be a little bit more, perhaps, critical of the way in which we look at our use of technology, and that's what you're beginning to see with some of the predictions we're coming out with now," Steve Durbin, managing director of the Information Security Forum, says in an interview with Information Security Media Group. "Let's bear in mind: These predictions are really trying to put some extra weaponry into the armory for the security professionals so we can anticipate some of the challenges that we're going to be seeing."
In the interview, Durbin addresses the three key themes of the report:
Technology adoption will dramatically expand the threat landscape. This includes using algorithms to maximize the efficiency of IT systems, which often results in heightened IT security risks. Organizations must be transparent about how algorithms work and how to mitigate the risks involved. "That's the important thing because we're not going to stop our dependence on these things," Durbin says.
Safeguarding IT will be progressively more difficult. Cyber insurance is one way organizations can mitigate associated risks. But cyber insurance is not a panacea, and Durbin points out that in the coming years, this insurance will have limited benefits. After all, insurers cannot offer coverage for such damages as harm to brand image or loss of reputation caused by a data breach. It would be "very, very difficult for an insurer to be able to put a real price on that and, indeed, write a policy that is going to effectively be able to cover it," Durbin says.
Governments will become increasingly interventionist. This includes some nations requiring domestic organizations using cloud computing providers to store data on servers within their national borders. "That it's being held in the cloud does not mean you're not responsible for it; this is the real issue," he says. "There is a need for businesses to be working very much more closely with their cloud providers, service providers. ... When we look forward two years, we don't see that threat moving away."
At the Information Security Forum, a not-for-profit organization that develops IT security best practices, Durbin focuses on strategy, information technology, cybersecurity and the emerging security threat landscape. He previously served as a senior vice president at the advisory firm Gartner.