So, what does 2017 have in store for the security industry? While there’s no crystal ball that can tell us for sure, we’ve got our eye on a few key trends.
Entering a new year, we always take a look at what the latest in identity and access management (IAM) and cybersecurity threats means for the security industry. This year, we specifically focused on answering three key questions:
- What’s the greatest cybersecurity threat for companies and consumers alike in 2017?
- How will the security industry evolve over the next year?
- What are the most transformative movements happening in IAM, and what is the next movement in 2017?
Based on these three questions, here are our top five predictions for 2017:
1. 2017, the Year of Ransomware
Malware, especially ransomware, will continue to be a big problem in 2017, and there’s no sign of this stopping anytime soon. As our CEO, James Litton recently predicted to ITBusinessEdge, 2017 is sure to take the Year of Ransomware “crown” from 2016. When combined with a strong phishing campaign, it is still the most successful method for gaining and maintaining access into corporate networks. Both phishing campaigns and malware have not slowed down in the least, demonstrating their continued effectiveness in stealing identities and other data.
For companies, the nature of the attack depends on many factors, including industry and company size, so it’s difficult to predict THE biggest threat for businesses in the coming year. However, ultimately, we think the three big threats that will be on the rise in 2017 are malware/ransomware attacks, Distributed Denial-of-Service (DDoS) attacks, and information breaches.
While the high-profile breaches of the last few years have opened a lot of eyes, many organizations are still lulled by complacency and stagnation into a false sense of security. Until their confidence is ‘shaken’ a little, concerns will still be in the back of their minds, they will be too trusting of existing solutions, and they will lack the financial justification to sway their peers into increasing investments on the security front.
2. Personal IAM – The Next Frontier in IAM
Identity and access management (IAM) isn’t just for the enterprise anymore, as personal needs continue to grow beyond the capabilities of password managers. Individuals today have many cloud systems, like Dropbox, Gmail, and LinkedIn, along with their local computers and devices. Additionally, there is an increasing array of IoT devices and services available, such as Fitbits, smart thermostats, and home security systems.
With so many systems, devices, and services, there is now an individual need for mini identity and access management solutions, similar to those used by an enterprise. Next year will shine the light on the need for this, and personal IAM solutions will take hold
3. IAM Gets Smart(er) with Risk-Based Authentication
There is a push underway integrate and enable greater data access and flow across security platforms, such as privileged access management (PAM), SIEM tools, and other operational systems, like ticketing and the help desk. We expect to see IAM vendors start creating smarter and more context-aware systems that use (not just collect) data for authentication and validation purposes.
For example, when a user accesses a system, the software will be smart enough to make real-time decisions based on a number of factors (such behavior patterns of that specific user, time of day, location, device, etc.) to know whether or not additional forms of authentication should be required at that specific point in time. This is called risk-based authentication, and it’s based on machine learning and pattern recognition and comparison.
This shift from rule-based authentication policy to software that analyses user behavior in real-time is just the beginning of the transformation that’s taking place and that we’ll see more of in the new year.
4. IAM Gains Traction in the Boardroom
Traditionally IAM has been largely viewed as an IT project. We expect that to change dramatically in 2017 as organizations become more connected with their supply chain, vendors, and customers. Managing identifies is no longer just a workforce endeavor. Modern IAM systems not only increase the productivity of your workforce, but also enable smart collaboration with vendors and improve the customer buying experience.
Managing and protecting customer identities and payment data is a requirement in today’s business landscape as companies build out more robust B2B portals and omni-channel strategies. Revenue and reputation risk are now part of the IAM discussion.
5. The Rise of the Security Professional
A lag in information security education has been an area of ongoing concern among industry professionals. However, there are positive efforts underway to make processes and procedures more cohesive, for both defensive and offensive security teams.
Over the past few years, changes in leadership at organizations like ISC2, the maintainers of the Certified Information Systems Security Professional (CISSP) certification, have brought new ideas and fresh minds to the table. These incoming thought leaders are shifting how we approach things in the information security realm by developing professional organizations, certifications, and formalized trainings that will help advance and qualify the next generation of security professionals.
As such, we expect to see a rise in Infosec professionals, not just holding paper certificates, but real knowledge.