No Crystal Ball Required: Coming Security Challenges
Describing today’s threat environment as “dynamic” would be an understatement of gargantuan proportions. As soon as one type of security threat appears to be under control–or is at least waning in strength–another springs up to wreak havoc. Keeping abreast of this constantly shifting security landscape is hard enough for MSPs working to keep their clients ahead of the curve; projecting future threat trends is even more difficult—but necessary, to ensure that you (and, more importantly, your clients) are not caught off-guard.
Happily, there are experts who devote vast amounts of time and research to these issues. One of the best examples is the new 2017 Cyberthreat Defense Report, released by CyberEdge Group. CyberEdge Group developed a 27-question (10- to 15-minute) web-based survey in partnership with its sponsoring vendors. (No vendor names were referenced in the survey.) The survey was promoted to information security professionals across North America, Europe, Asia Pacific, the Middle East, Latin America and Africa in November 2016.
One of the most refreshing aspects of this report is its down-to-earth perspective on the trials and travails faced by MSPs and IT managers: “IT security is clearly a harsh mistress. In what other IT discipline is success measured by the absence of something bad happening (i.e., a cyberattack)? Then there’s the cruel reality that while the industrialization of hacking is making it ever easier for attackers to succeed, a steadily expanding attack surface makes it ever harder for IT security teams to successfully thwart them.”
The plain-spoken tone of these remarks (which introduce the report’s “The Road Ahead” section) continues with the observation, “The bottom line is that it really shouldn’t come as a surprise that so many IT security teams are already behind the eight ball. Or that so many organizations still have plenty of room to improve, even in areas typically considered core defenses.” Examples are then listed to bolster this analysis, including:
- Endpoint devices of all types—but especially mobile ones such as smartphones and tablets—are relative weak spots in most organizations’ defenses.
- Building security into applications in the first place is not a strong suit for today’s organizations.
- Although they’re among the leading solutions planned for acquisition in the coming year, many emerging technologies most likely to be effective against advanced malware and targeted attacks—such as user and entity behavior analytics and cyberthreat intelligence services—show fairly modest adoption rates.
- Only a third of IT security professionals are confident that their organization is doing enough to monitor privileged user accounts for signs of misuse and/or compromise.
- Adoption rates for key technologies aimed at reducing a network’s attack surface—such as patch management, penetration testing and vulnerability scanning—remain shockingly low.
But the report also gives MSPs cause for optimism about their clients’ grasp of security issues, noting that organizations have a greater awareness of and concern for cybersecurity than ever before. What’s more, this “The Road Ahead” section of the report also offers insights and actionable tips on how to confront upcoming challenges in such diverse areas as deception technology, container security, remote/virtual browsing and attack/breach simulation.
Get Full Cyberthreat Defense Report
What’s particularly rewarding about the 2017 Cyberthreat Defense Report is its combination of survey feedback from your global peers along with expert analysis and commentary on current and future cybersecurity challenges. The sheer volume of valuable information it contains is remarkable, and we strongly recommend that MSPs and other IT professionals download the complete report.
This guest blog is part of a Channel Futures sponsorship.