More SCADA system exploits are likely to be reported. DDoS attacks and ransomware will continue to trouble organisations. Privacy issues will gain prominence, nationally and internationally, keeping policy makers busy.
Cloud-based cyber security technology will continue to erode traditional, appliance-based solutions. The realization of lowering OPEX and CAPEX costs, along with increased capacity, computation power, and effectiveness will become dominant.
We expect public cloud adoption to continue to grow. This will force companies to rethink the way they secure their resources, and will encourage service providers to develop new security and networking tools that are native to cloud platforms.
One word: litigation. And lots of it. 2016 will be the year that cybersecurity and data breach lawsuits reach new records. Unprepared businesses may take big losses or be driven into oblivion.
It’s the year of encryption. Encryption will be deployed by everyone, allowing personal and business data to be protected in transit and at rest, preventing data breaches in the cloud.
Analytics has become a powerful tool in the detection of cyber threats, but 2016 will focus on operationalizing these capabilities so detection can be tied to “next steps” in remediation.
I see autonomic data governance gaining momentum as a means for augmenting traditional information protection protocols. Best thing about it.. eliminates passwords and at the same time ENFORCES company governance policies at the data layer with little or no loss of performance.
Cybersecurity is the #1 concern in today’s environment. Enhanced Malware, Ransomware and Cyber Reconnaissance will become deeply enhanced moving forward. Adding Cyber Insurance will become mainstream.
As data breaches from third party suppliers increase, cybersecurity tech will extend beyond internal security perimeters to encompass security awareness and monitoring of outside vendors and partners.
There is a false perspective that sophisticated attacks are too difficult to prevent. But detection is NOT the new prevention. The mission must be to STOP them, not just become proficient at detecting them.
CISOs should assume hackers will find a way into the network, and shift from breach prevention to breach detection, monitoring the network in real time for signs of nefarious activity.
Businesses struggling to get adequate cyber security insurance coverage will look to cyber security solutions like secure communications clients and stress testing in order to save money on insurance rates.
The immediate future in cybersecurity is a shift to implement endpoint visibility as an augment to network-based observations. Scaling this requires significant levels of technology and human expertise.
Increasingly companies will offer consumer products through mobile platforms with the easiest access possible. “Ease of access” always comes at the cost of security therefore we’ll see increased data thefts.
Attacks via Internet of Things devices are going to become more and more commonplace as IoT reaches mainstream adoption, both at home and in the workplace.
A few years ago, security prophesiers were called paranoid. Now cybersecurity is business necessity. Security tech must shift from preventing vulnerabilities to making network intrusion significantly less fruitful for hackers.
We will move away from hardware-based security gateways, VPNs etc. toward cloud-based end-user encryption. The easiest path you give users to data protection, the more secure a network will be.
The attacks will evolve using polymorphic behaviors. We should also expect a development of complex adware in the next future. Highly effective and targeted attacks will replace large scale operations.
In 2016 we’ll see a headline compromise of a business, whether at the enterprise or consumer level, through low standards of security for mobile apps. It’s a ticking time bomb…
Cyber security will move toward an adaptive model where organizations correlate multiple sources of threat intelligence so they can deploy the right solutions for visibility, prevention, detection and response.
Not only will this kind of attack continue, but a change in it – “I will infect someone’s device with ransomware for you for a reasonable price”—will likely expand.
Preventive controls such as classic anti-virus will become more and more useless and organizations will focus on detective and corrective controls (e.g. monitoring and incident response).
I expect we’ll see Security and DevOps teams working together closely in a cohesive approach to achieve a continuous delivery framework that delivers faster, more secure applications.
Although an absolute pledge of protection against data loss is far-fetched, client-side encryption is quickly emerging as the most realistic alternative to end-to-end encryption.
The primary change in Cybersecurity will be a movement towards password replacement using several alternatives.
The challenge for Cybersecurity in 2016 is skills. Technology is moving faster than our skill set. Core education from school to university needs to adapt with the new World.
More and more organizations will be shifting away from the antiquated detection-based approach used in products like anti-virus, to the next generation isolation-based approach.
Most I.T. professionals and their bosses will discover (the hard way) exactly how little they know about Cybersecurity, much less implementing meaningful protective measures and staying accountable to leadership.
Expansion in new security solutions and services again, meaning overlap of great ideas (with some fakers). New technology and choices for organizations, but be wary…the market will inevitably contract.
Employees continue to bring their own devices (BYOD) into the workplace and efforts need to be made to secure these devices.
Cybersecurity is still mainly focused on prevention. Today the challenge is the ability to detect an active network attacker that has circumvented preventative security. Attackers will get in; one needs to find them before they can steal or cause damage.
Public key infrastructure and blockchain technology introduce a new method for creating secure organizational framework and ensuring data integrity across a network. PKI solutions for blockchains are one to watch for.
Enterprises need to strike an equal balance between their protect and defend approaches. Tilt the balance, and the security strategy will not be as effective to combat today’s cyber crime.
Understand adversaries WILL infiltrate organisations – focus on limiting the damage they can do once in. Micro-segmentation, dividing physical networks into hundreds of logical micro networks, or micro segments, is key.
Markets all over the world will see a rise in ‘insider breaches,’ with more public examples of data breaches occurring from the inside the company. Organisations that only focus on their perimeter, need to understand that threats can come from anywhere.
In 2016, we expect to see an increase in breaches of cloud services, and hackers will use credentials to cloud services as a major attack vector. Social engineering tactics will focus on mimicking cloud login screens to gain credentials.