Speed of Tech Change a Threat to Cybersecurity
Companies are having problems adapting to the speed of technological change, continue to use legacy technologies while trying to combat evolving cyberthreats, and lack an understanding of the full liabilities they face when their data are breached, according to a report on information security threats released Tuesday.
As connectivity speeds become faster, and as companies look for new ways to incorporate technology into everyday life—including smart city infrastructure, driverless cars and the Internet of Things—they not only will make life more convenient and add new value to the way we live, but will also offer new opportunities for cybercriminals to wreak havoc on our world, said the report from the Information Security Forum, a nonprofit association of organizations from around the world dedicated to finding best practices for information security and risk management.
Everyone is going to be surprised at just how fast these technological advancements come, the report said, and the threat to corporations is heightened by what Steve Durbin, the forum’s managing director, calls the “starry-eyed perspective” that comes from the promise of adopting new technologies. “Technology in my opinion has become something of a threat enabler. All of them potentially have opportunities for crime gangs to exploit,” said Mr. Durbin. “All of them have the opportunity to go wrong, and when they go wrong they will go wrong quickly and we will have to respond to that. I don’t think we’re prepared for that yet.”
The Threat Horizon 2017 report highlights nine areas of concern. In addition to connectivity speed, legacy technologies and complacency, other threats include the growing sophistication and collaboration of criminal cyber gangs; the dangerous dependence on critical infrastructure; the ability of malicious agents to weaponize systemic vulnerabilities; and the threat of social unrest by “tech rejectionists.” The report warned of the threat to competition and security by the growing wave of global consolidation of information companies and what this could mean for the flow of information, and said the cost and scale of information breaches will rise dramatically.
These threats reinforce the need to safeguard critical information, and show the need for companies to do more at the enterprise level, including sharing information on threats with other companies and government agencies, and to put in place a response plan for when something goes wrong, said Mr. Durbin. Along with threats to the company, there will be threats to suppliers, third-party partners and even to the law firms and accountants a company uses, all of which can put the business at risk, he said. “Crime is certainly going to be on the increase and we will struggle as organizations to keep pace,” he said.
Despite these threats, most companies are not dedicating the amount of resources—whether that is money, people or new technology—needed to address these issues, said Mr. Durbin. And this is leading companies to use technology that probably should be replaced to better combat cyber threats. One example of legacy technology that puts companies at risk is the use of Windows XP in many automated teller machines, even though Microsoft stopped supporting XP last year.
The use of legacy technology carries other risks, including finding qualified people who understand and can manage these systems, said Mr. Durbin. This makes it critical for a company to prioritize the systems, information and people it needs to keep the business running should a cyberattack occur. It’s also important to consider in advance the potential impacts to reputation or possible loss of customers and revenue that can come from a disruption to operations, or from regulatory penalties and lawsuits that could arise from an attack, he said. Mr. Durbin cited the current fight between banks and retailer Target Corp. about who is liable for the damages from the company’s 2013 card breach.
This makes it vital for companies to have people on their boards and senior management who understand the threat landscape and who can assess potential jurisdictional liabilities in relation to how the company operates, how it manages and protects data and how it understands the implications of existing and proposed regulations, he said.
To read the full article, click here: http://blogs.wsj.com/riskandcompliance/2015/03/17/speed-of-technological-change-is-a-threat-to-cybersecurity/