Steve Durbin
A False Sense of Security

Emerging threats over the next two years stem from biometrics, regulations, and insiders.

Over the coming years, the foundations of today's digital world will shake — violently. Innovative and determined attackers, along with big changes to the way organizations conduct their operations, will combine to threaten even the strongest establishments.

At the Information Security Forum, we recently released "Threat Horizon 2020," the latest in an annual series of reports that provide businesses a forward-looking view of the increasing threats in today's always-on, interconnected world. In this report, we highlight the top threats to information security emerging over the next two years, as determined by our research.

Let's take a look at a few of our predictions and what they mean for your organization.

Biometrics Offer a False Sense of Security
Biometric authentication technologies will flood into every part of an organization, driven by consumer demands for convenience and the promise of added security for corporate information. However, organizations will quickly discover that they are less protected than they believed, because attackers will find increasingly sophisticated ways to defeat biometric safeguards.

Demands for convenience and usability will drive organizations to move to biometric authentication methods as the default for all forms of computing and communication devices, replacing today's multifactor approach. However, any misplaced trust in the efficacy of one or more biometric methods will leave sensitive information exposed. Attacks on biometrics will affect finances and damage reputations.

Existing security policies will fall well short of addressing this issue as organizations — from the boardroom down — use new devices that depend on biometric technology. Failure to plan and prepare for this change will leave some organizations unwittingly using a single, vulnerable biometric factor to protect critical or sensitive information.

New Regulations Increase the Risk and Compliance Burden
By 2020, the number and complexity of new international and regional regulations to which organizations must adhere, combined with those already in place, will stretch compliance resources and mechanisms to the breaking point. These new compliance demands will also produce an ever-swelling "attack surface" that must be protected in full while attackers continually scan, probe, and seek to penetrate it.

For some organizations, the new compliance requirements will increase the amount of sensitive information — including customer details and business plans — that must be stockpiled and protected. Other organizations will see regulatory demands for data transparency resulting in information being made available to third parties that will transmit, process, and store it in multiple locations.

Balancing potentially conflicting demands while coping with the sheer volume of regulatory obligations, some companies may either divert essential staff away from critical risk mitigation activities or raise the impact of compliance failure to new levels. Business leaders will be faced with tough decisions. Those that make a wrong call may leave their organization facing extremely heavy fines and damaged reputations.

Trusted Professionals Divulge Organizational Weak Points
The relentless hunt for profits and never-ending changes in the workforce will create a constant atmosphere of uncertainty and insecurity that reduces loyalty to an organization. This lack of loyalty will be exploited: the temptations and significant rewards from leaking corporate secrets will be amplified by the growing market worth of those secrets, which include organizational weak points such as security vulnerabilities. Even trusted professionals will face temptation.

Most organizations recognize that passwords or keys to their mission-critical information assets should be handed out sparingly, and only to those who both need them and are considered trustworthy. However, employees who pass initial vetting and background checks may now — or in the future — face any number of circumstances that entice them to break that trust: duress through coercion; being passed over for promotion; extortion or blackmail; offers of large amounts of money; or simply a change in personal circumstances.

While the insider threat has always been important, more than the organizational crown jewels are now at risk. The establishment of bug bounty and ethical disclosure programs, together with demand from cybercriminals and hackers, means the most secret of secrets (essential penetration test results and vulnerability reports, for example) are extremely valuable. Organizations that rely on their existing mechanisms to ensure the trustworthiness of employees and contracted parties with access to such information will find those mechanisms inadequate.

Preparation Must Begin Now
To face mounting global threats, organizations must make methodical and extensive commitments to ensure that practical plans are in place to adapt to major changes in the near future. Employees at all levels of the organization will need to be involved, from board members to managers in nontechnical roles.

The themes listed above could affect businesses operating in cyberspace at breakneck speeds, particularly as the use of the Internet and connected devices spreads. Many organizations will struggle to cope as the pace of change intensifies. These threats should stay on the radar of every organization, both small and large, even if they seem distant. The future arrives suddenly, especially when you aren't prepared.



Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cybersecurity, BYOD, the cloud, and social media across both the corporate and personal environments. Previously, he was Senior ... View Full Bio
Comment, 9/4/2018, 6:44:40 PM:

The security issues

We always prefer security for our devices and are also conscious of our privacy. But here I get proper ideas about the false sense of security. I visited mobile repair Dubai for more details.