Amy Baker, VP of Marketing, on Mobile Device Security and Partner Relationships
On Mobile as a Breach Source
We expect phishing and spear phishing to continue to be huge issue in 2017, carrying on the “another day, another email leak” trend we’ve seen in 2016. (Retrospectively, 2015 didn’t see nearly as many phishing attacks, and the rise in volume will only be exacerbated by the fact that organizations are still lagging behind on delivering effective security awareness training to end users.)
That said, we think 2017 could be ripe for a highly publicized breach with a mobile device as the initiation point. The security industry has wondered for years when this will occur; though it hasn’t happened yet, it is a very real possibility that should be treated as an ongoing significant threat vector. Given that the number of connected devices continues to skyrocket, next year we expect to see a larger focus — by enterprises and end users alike — on keeping mobile devices secure. This could prove particularly critical in a landscape where mobile phone encryption may be weakened, pending decisions made at the federal level.
On Partner and Supplier Relationships
Brands and vendors are looking at the security prowess of their partners and suppliers with a sharper lens in 2016, and we expect that to continue in 2017. With the understanding that securing their own infrastructures and employees is of top importance, organizations are beginning to scrutinize external entities that may negatively affect the secure environments they've invested in thus far. Enterprises are requiring that their partners invest in specific security approaches, such as security awareness and training, for them to become partners.
Kurt Wescoe, Chief Architect, on Protecting Privacy and the IoT Threat
On Privacy and Multi-Factor Authentication
The data privacy conversation for the average consumer must change in 2017, particularly as new government officials are faced with the debate of end-user privacy vs. potential national security issues. What needs to be understood is that context determines the impact a breach of privacy has on an end user or organization. The lack of control on that context when hacked is the negative end result that pro-privacy advocates will need to shed light on to end users and constituents influencing governmental and societal initiatives.
On a tangential note, we expect to see multi-factor authentication change pretty dramatically over the next 12 to 24 months. Authentication is likely to become more biometric in nature in the not-too-distant future, but as those technologies are perfected, organizations will begin to move away from mobile options in favor of dedicated devices. Though mobile devices helped to speed adoption and lower implementation costs (two benefits to tapping into existing technology), we don't expect mobile two-factor and multi-factor authentication to exist in their current forms by the end of 2017.
Overall, the trend we expect to see is security taking a higher priority over convenience to help combat compromised accounts, with authentication evolving into processes much more complex and acute.
On IoT Security
The Internet of Things (IoT) has already posed a unique threat to the security landscape, and it’s one that isn’t immediately visible to a consumer's untrained eye. Easy procurement of cheap IoT devices or WiFi-enabled products introduces a serious level of risk that most are unaware of.
In 2017, we'll need to answer to a lot of the mistakes that have been made in the name of faster go-to-market strategies and lower costs of goods. It’s essential that we continue educating consumers and employees on not only what makes a secure (vs. risky) IoT device, but also what the potential impacts of an insecure device could mean for privacy and organizational insurance policies.
Furthermore, safe usage training for these devices needs the support of brands, vendors, and cross-vertical influencers to move the needle. In 2017, we’ll start seeing a larger rally from these players to brand themselves as being providers of secure devices rather than focusing solely on delivering the latest, coolest-looking wearable or smart home device, and that will be a welcome change given that the latter message has taken precedence in marketing efforts so far.
Subscribe to the Proofpoint Blog