What cyber trends to expect in 2016

Thirteen security executives break out their crystal balls to delve into what is on the cybersecurity horizon for next year.

2015 was another tumultuous year of more cybersecurity attacks and no different from the past few years. While it is nice to finally see cybersecurity becoming a priority with executive leadership teams and company boards alike, there is still plenty of room to improve as the attack vectors continue to evolve.

The industry is changing where we now have companies monitoring the pubic Internet traffic and assigning company rankings/scoring process for every US company. It is similar to Standard & Poor’s in which a bank’s credit rating may be impacted for poor cybersecurity. Everything is changing at a rapid pace. In particular, five technologies appear to be driving forces in spurring new industries and gadgets that create a completely new landscape for computer hackers, according to industry experts. These fundamental technologies consist of the following:

Wearable technology--This new frontier of miniaturized personal gadgets can improve our health while also take mobile connectivity to a completely new level -- yet security appears to be an afterthought.

Internet of Things (IoT)—IoT will have a huge future, because we are “network enabling” every possible interface in our lives that can range from unlocking our front door on our mobile phones to smart cities that can intelligently manage traffic flows to reduce carbon monoxide emissions. While this is exciting technology, the security flaws are enormous and could stifle adoption.

Big Data—This market segment is exploding with aggregating consumer data to analyze purchasing behavior, spotting society trends, to medical research. The biggest drawback, security breaches are going to get worse and more difficult to fix. As more data is aggregated with our population, companies will be selling and buying this information to aggregate with other data sets and this means big personal profiles are already being built for every citizen. If you think the NSA is bad about collecting your data, Big Data is collecting far more information than the NSA and imagine what a Big Data security breach will look like when a company loses 50-plus critical data elements of “you.”

Network Based End Point Security--This market is exploding because enterprises can no longer effectively manage their patch management program and traditional anti-virus does not effectively protect against zero-day attacks. When operating system patches are implemented, the applications that reside on these operating systems will most likely malfunction. This is causing a patching problem, because upgrading applications can be a one-year project because of the configuration management, process changes, and employee training. End point security has transitions from a “nice to have to a must have.”

Cloud services—Rapid cloud adoption is fueling the shear economies of scale to being able to have quick solutions within 30 days versus waiting for the IT department to deliver a solution in nine months. Cloud services has empowered every cross functional area in a business to shop for the IT services they need, because their own IT department cannot deliver as fast as a cloud service provider. While cloud services may be popular, who is accountable for security in the cloud beyond a contract is still questionable.

These technologies have serious cybersecurity ramifications that will open new doors to exploit weaknesses and take data theft to a completely new scale. Hackers are getting smarter and better at what they do. Below 13 highly respected industry experts provide their insights as to what we should see in 2016:

David Cass-CISO Cloud & SaaS, IBM: The way the world works has fundamentally changed. It is about ubiquitous access to your work data, and leveraging advanced capabilities. Cloud continues to mature and is now more about the capabilities than just cost savings. Being able to leverage advanced capabilities opens new competitive advantages to adopters that were not available in the earlier years. This means protecting applications and data no matter where they reside is important. As organizations look to the cloud as an enabler of this change, organizations should focus on three key capabilities from a security point of view. Those are managing access, protecting data, and gaining visibility through auditable intelligence on access, activity and compliance.

JD Sherry-CEO, Cavirin; Cyber resiliency in 2016 will continue to grow exponentially as more organizations adopt and grow their use of cloud computing. Extension of security controls to these ecosystems are essential to continue to reduce the risk profile of a business. To that end, organizations will look to invest heavily in cyber security insurance to help offset inevitable losses due to breaches in the New Year.

Malcolm Harkins—CISO, Cylance: AV is not dead, it is being re-imagined and artificial intelligence is the next new platform. People don't want just another monitor that adds to their total cost of controls and adds to the “alert fatigue” they are experiencing. They want to stop malware prior to execution, which is why a shift toward real prevention has more strategic benefits than just piling on more reactionary capabilities in detection and response. Prevention is a control type that actually minimizes vulnerability and the potential for harm. Detection and respond control types are damage minimization type controls, which mean harm is already starting to occur.

Scott Vowels—SVP, IT Security, Comerica Bank: We’ll see an increase in the buildup of hunter teams and in-house developed tools that will compete with or replace vendor developed solutions to detect suspicious activity broadly. This competition will be good for all of us. It will ultimately result in greater detection capabilities but this will put pressure on rapid response and incident response teams.

Join the CSO newsletter!

Error: Please check your email address.

More about APTComericaCSOFBIGoogleIRIT SecurityLeaderLinuxNSAProtivitiVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Todd Bell

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place