The future of security: 11 predictions for 2015

As natural philosopher and onetime baseball catcher Yogi Berra reportedly said: "It's tough to make predictions, especially about the future."

But that doesn't mean people and organizations don't try -- for good reason. In the world of business, correctly seeing the future even a few months out can provide a leg up on the competition or, in the case of cybersecurity, on ever-present attackers. A missed guess can leave one scrambling to catch up.


So, herewith are some predictions for 2015 on security from research firms Gartner and Forrester Research, and from Arthur W. Coviello Jr., executive chairman of RSA.

Nation states vs. private sector

(Coviello) Nation-state cyber-attacks will continue to evolve and accelerate but the damage will be increasingly borne by the private sector.

"With no one actively working on the development of acceptable norms of digital behavior ... we can expect this covert digital warfare to continue," Coviello said. And it will increasingly be private sector firms that will be "the intended victim or the unwitting pawn in an attack on other companies."

The rise of integrated threat intelligence

(Gartner) Internet of Things (IoT) device revenue growth of almost 30% will create new vulnerabilities and security demands relating to both physical and digital environments. The expected convergence of IoT security and information security technologies, along with increased regulatory activity directed at protecting critical infrastructure, will drive demand for integrated threat intelligence capabilities, including IoT-related threat data feeds.

More money, much more scrutiny

(Forrester) Security budgets will see double-digit growth in sectors outside of banking and the defense industrial base.

The downside to those increases will be an enormous amount of scrutiny and much higher expectations, not just from business leaders and counterparts in technology management, but also from customers, government agencies, and privacy watchdog groups.

The quest for a uniform threat language

(Gartner) The drive toward a common framework adopting a uniform language, such as Structured Threat Information Expression, will accelerate as a result of the complexity and challenges brought by the need to integrate IoT security data inputs for indicator of compromise (IOC) detection.

Pragmatic privacy

(Coviello) A maturing privacy debate will become more pragmatic and balanced. Prospects for responsible privacy policies and intelligence sharing legislation that would better protect our privacy may improve. One test of this prediction will be the outcome of the EU General Data Protection Regulation, which may reach a final form in 2015.

More billions of things, more billions of risks

(Gartner) 4.9 billion connected things will be in use in 2015, up 30% from 2014, creating disruption, continued opportunities and continued risk.

"Organizations must straddle the tension of all the information available from smart things by balancing their desire to collect and analyze it with the risk of its loss or misuse," according to Steve Prentice, vice president and Gartner Fellow.

Find the breach, botch the response

(Forrester) With new investments in breach detection, a large majority of companies (60%) will discover a breach, or more likely be informed of it by a third party like a government agency, security blogger or a customer.

But they will likely botch the response, given that only 21% of enterprises report that improving incident response is a critical priority. That means more cases of customers' trust undermined or corporate reputations dragged through the mud.

Unhealthy exposure

(Coviello) While retail will remain an ongoing target, well-organized cyber criminals will increasingly turn their attention to stealing PHI -- personal health information. It is not as well secured, is very lucrative to monetize in the cybercrime economy, and is largely held by organizations without the means to defend against sophisticated attacks -- healthcare providers.

Competing on privacy

(Forrester) Privacy will be a competitive differentiator, not just through lip service, but action -- appropriate privacy policies, enforcement and building privacy considerations into business operations and the products or services offered to customers.

That will require the leadership of a privacy champion -- a Chief Privacy Officer, Data Protection Officer, or privacy professional. Today, about a third of security decision-makers in North America and Europe view privacy as a competitive differentiator. That will increase to half by the end of 2015.

The essential, more secure, mobile payment option

(Gartner) A renewed interest in mobile payment will arise, together with a significant increase in mobile commerce, due in part to the increased security features of Apple Pay and similar near-field communication (NFC) efforts by competitors such as Google.

As device manufacturers and application developers improve usability and functionality and address users' security concerns, devices will become even more of an essential tool for customers, particularly the younger demographics.

Beware the Botnet of Things

(Coviello) The increase of machine-to-human and machine-to-machine interaction will only exacerbate the situation described in a tweet this past year as: "Who needs zero days when you've got stupid?" Get ready for the Botnet of Things. This trend, along with the strong growth of IoT in the healthcare sector and the accompanying risks to PHI, has ominous implications.


Stories by Taylor Armerding
