This is a guest blog by Tom Kemp, the CEO of US security company Centrify.
It’s that time of year again. The festive season is upon us and with it, online shopping will no doubt take another bite out of traditional bricks-and-mortar sales. With a colourful new president taking office shortly, 2017 promises to be an interesting year.
2017: The year to come
After a somewhat tumultuous 2016, where security breaches played a key role in jeopardising multi-billion dollar acquisition deals, upending US presidential elections and facilitating corporate extortion, it’s a good idea to prepare for just about anything. Here are a few predictions:
1. More hawkish regulation enforcement by government entities
The US government is no stranger to cybersecurity – it’s been a primary focus for decades. But recent events like the US election have highlighted how a lack of appropriate security measures can impact the entire globe in ways we hadn’t considered.
Regulations that address the vast majority of cybersecurity threats already exist. It’s the adoption of key technologies that help to adhere to these regulations that’s lacking. And that isn’t to say that companies aren’t trying. Many organisations already have teams devoted to meeting the government and industry regulations they fall under – from PCI to HIPAA.
Still, in 2017, we’ll see a renewed effort by government regulators to accelerate the implementation of security technologies. Ignoring the regulations or inching toward adherence will no longer be acceptable. Extensive progress will be expected – and required.
2. More ransomware
After a hugely successful 2016, we’ll see additional increases in ransomware. And as a result, companies may start to actually budget money to buy back their own data after a ransomware event. As long as the majority of ransoms remain relatively low, companies will continue to pay them, and they may do so without involving law enforcement to avoid disruption of their businesses and blemishes to their brands.
3. Technologies to look out for:
Multi-factor authentication
I believe we’ll see widespread adoption of two-factor authentication across all industries. This is a fundamental technology that effectively addresses a problem that has grown too big to ignore.
Granular management of privileges
Obviously, Plan A is keeping hackers outside your network. But that isn’t always possible, so organisations must have a Plan B in place when perimeter technologies are breached. Most security experts today look at privilege management as an essential second layer of protection.
Simply put, privileged identity management (PIM) prevents hackers that gain access to your network from then accessing anything and everything inside it. The key is in assigning specific individuals access to specific information. Say, for example, a hacker breaks into the DNC network. Rather than gaining access to everything, they are denied access to any sensitive information because they don’t have the necessary privileges.
Least privileged access
A component of PIM is least privileged access. This means that each person granted access to the network starts with the minimal level that will allow for normal functioning – the lowest level of rights that a user can have and still do their job.
Bitcoin
A final prediction is around bitcoin. Despite a hack in early August that resulted in the loss of 120,000 bitcoins worth $65m, the cryptocurrency quickly rebounded and has continued to grow in popularity. Expect some additional security measures to be implemented in the exchanges. On a related note, look for the rapid commercialisation of blockchain technology beyond the currency realm and into manufacturing, finance, shipping and entertainment.
It should be an interesting year!
By Tom Kemp
Tom Kemp is the CEO of Centrify. Centrify is a leader in securing enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises. Centrify helps protect against the leading point of attack used in data breaches ― compromised credentials — by securing an enterprise’s apps and infrastructure for all its users.