As we head into the final stretch of 2016, the tech community is turning its attention to what next year has in store. Bomgar’s CEO, Matt Dircks, recently had the opportunity to chat with CIO’s Sharon Florentine about how he sees the cybersecurity industry evolving in 2017.
As Sharon states, 2016 was “a hell of a year in cybersecurity” and Matt believes this shake-up will continue well into next year. He discussed a number of factors behind this in his conversation with Sharon, among them:
Weak Password Management Practices
The DDoS attack that wreaked havoc on a huge portion of the internet in October can be blamed, in part, on unchanged default passwords on IoT devices that hackers exploited. This is a critical security failure that makes hackers’ jobs far too easy. To address this in the months and years ahead, companies need to introduce better password management practices. The best passwords are those that users and vendors can’t control. This means more organizations must implement solutions that securely store passwords that remain unknown to users, and regularly validate and rotate them to ensure safety and user security. As Matt states, “in an ideal world, a user would never know what their password was.”
Poor Privileged User Protection
In their quest for high-level access, hackers are increasingly targeting the credentials of privileged users like IT professionals, CEOs and vendors. Companies need to better understand this threat and apply security to these groups by identifying them, monitoring their access, and closing off access to what they don’t need. In his conversation with Sharon, Matt likens privilege management solutions to an elevator bank: “Even if I do have a valid password, if my privilege lets me access floors one and seven, but I try to go to six, then the system will block me and notify someone.”
In today’s heightened environment, many companies have adopted a mindset of “when, not if” when it comes to a data breach, a reality which Matt finds “terrifying.” Should an attack actually occur, the IoT and companies’ increasing reliance on security solution providers mean organizations may not be able to easily account for ownership or origin of the breach. For example, who is responsible for securing, maintaining and patching the various technologies? Or, in a more dire scenario, has a product been connected that can’t even be patched?
As Matt states, “you’re only as secure as the least-secure device in the relationship.” To head off the security blame game that can arise in this complicated landscape, companies must ensure open communication between business and IT. Only when both groups understand the potential threats, security options, and the challenges and constraints that exist within the organization can they begin to address this security vulnerability.
A lot of attention is focused on the security implications of emerging IoT devices and gadgets, but Matt believes a critical vulnerability is often forgotten: “dumb” IoT. For example, the technology from the 1950s and 1960s that’s fueling power grids and transportation systems is almost entirely unsecured. In light of this, Matt says “I think there’s a fairly significant chance we’ll see a major hack on power grids or on transportation systems like rail in 2017.”
To see more of Matt’s thoughts on the above and other technology challenges facing us in 2017, take a look at Sharon’s article in its entirety here. And if you have any predictions for the year ahead, feel free to add them in the comments below!
Elizabeth Hulsey, Public Relations Specialist at Bomgar