2017 looks like the year when cybersecurity breaks out from “nice to have” to a “must have.”
Three recent reports on cybersecurity highlight how dangerous the IT environment has become — and how much new security is needed.
Here’s your solution provider’s update on these reports.
From a cyber security perspective, 2016 was a dangerous year.
Risk Based Security (RBS), a risk-analytics company, finds that 2016 broke all records for the number of reported data breaches. In all, the company says, there were 4,149 breaches worldwide last year, exposing more than 4.2 billion records.
Mega-breaches, in which criminals steal huge numbers of records at once, were a big part of 2016’s security story. More than 90 mega-breaches were reported last year, each exposing at least 1 million records. Just 3 of these mega-breaches — the attacks on Yahoo, FriendFinder Networks and MySpace — together compromised more than 2.2 billion records, according to RBS.
There is some good news. Stolen laptops, once a major security concern, last year accounted for less than 2 percent of all breaches, RBS says. Insider hacking was much more serious, accounting for 18 percent of all breaches.
Hybrid Cloud Insecurity
Hybrid IT infrastructures are a great way to move clients to the cloud, right? Yes, but it also makes them worry.
In a new survey, two-thirds (66%) of IT executives worry that security breaches due to hybrid setups could cause them to lose their jobs. And 70 percent are concerned about their ability to manage security in a hybrid environment.
The survey was conducted this past October by Bitdefender, a cybersecurity supplier. It reached 250 U.S. IT decision-makers, all at large organizations running at least 1,000 PCs.
The survey also found that IT managers’ main security concerns around hybrid architectures involve migrating data from on-premises storage to the cloud. Specifically, they’re worried about the security of data in transit, (cited by 66% of respondents); security of data at rest (60%); security of backups and snapshots (54%); and increased attack surfaces (53%).
After migrating to the cloud, new security issues emerge, the survey found. These include lack of visibility (cited by 51% of respondents); lack of policies (41%); and access from unauthorized devices (34%).
Think passwords are going away, to be replaced by biometrics and other new approaches? Think again. By 2020 — just three years from now — the world will need to protect 300 billion passwords, up from about 90 billion today, according to a new report from Cybersecurity Ventures.
The research firm also discovered that more than 3 billion user credentials or passwords were stolen last year. That works out to an average of 8.2 million stolen each day — not good.
Where will so many new passwords come from? Some, from the growing number of people who are online. Cybersecurity Ventures (CV) cites a Microsoft prediction of 4 billion people worldwide online by 2020. Also, many users employ multiple passwords — up to 36 per person, according to some industry estimates, though CV thinks 25 passwords per person a more realistic figure. Either way, that adds up quickly.
Another source of new passwords will be the Internet of Things, CV maintains. While not every IoT device will need its own password, they will need an authentication method. Also, any IoT device that has an interface will also have a password protecting that interface, allowing it to be configured, CV says. In addition, Bluetooth devices, such as wearables and smartwatches, will use a PIN for a passcode. CV estimates all this will introduce some 200 billion machine passwords in need of protection by 2020.
Have clients who still believe security isn’t a big deal? Share these facts and figures with them now.