Serious Cybersecurity Challenges Ahead in 2016
Published 01/28/2016
By Phillip Marshall, Director of Product Marketing, Cryptzone
By now you’ll have settled into the New Year, looking ahead at what’s to come as we move swiftly through January. However, there are numerous unsettling predictions that mean 2016 is a year of many serious cybersecurity challenges – from new types of hacks, skills shortages to increased insider threats. We’ve rounded up a number of 2016 predictions from industry experts and vendors that every organization regardless of size should pay close attention to and put together a strategy to address.
- Increased Need to Restrict Access and Secure Content: Dark Reading presented our first noteworthy prediction. “Chief Information Security Officers (CISOs) will become the new “it” girl of security, not only in enterprises with healthy security budgets, but in data-driven startups where housing sensitive information is core to their business,” say Tim Chen, CEO, and Bruce Roberts, CTO of DomainTools.
It increasingly seems that a day does not pass without a news story on the loss of sensitive information. If that information isn’t secured properly and is accessed by unauthorized parties, the damage to an organization is massive. Financial penalties, regulatory sanctions, lost company confidential information and brand damage – all of these circumstances can be avoided by restricting access to and encrypting content wherever it lives and travels.
- Security is becoming a Shared Responsibility: TechCityNews offered our next prediction of merit which expands on who is responsible for cybersecurity. “Demand for security products has grown, and is only set to grow further; and responsibility for security is now held in more parts of any organization. In other words, people other than the security analyst and the chief information security officer, who have traditionally been the users of security tools, are being made responsible for making sure private information and intellectual property is secure. The responsibility lies with both the C-suite, as share price is directly impacted by a breach, as well as with the developer, who has to ship safe code and include security features on products as they are built.”
Too much is at stake for organizations that have been breached. We don’t necessarily think this is a prediction so much as a requirement for all organizations this year.
- Insider Threats to Increase: Insider Threats Abound – lock down your IT says ITProPortal in its 2016 predictions. “Massive disruption (Uber style) to existing industries and wholesale digitization will create job losses and potentially significant numbers of disaffected employees capable of compromising IT systems. So, we’re likely to see a renewed focus on ‘locking down’ information systems, by ensuring secure configurations, removing vulnerabilities, strictly controlled use of privileges and by ensuring that critical systems and applications are patched up to date.”
Insider threats are a clear issue especially as we believe all cybercrime is an inside job (see our webinar with Forrester Analyst, John Kindervag on this topic). In 2016, organizations need to first adopt the principles of zero trust to combat malicious insiders on the network level. Individuals should only ever have access to the resources they need to do their job, and this should only ever be granted in reasonable contexts. Otherwise, there’s nothing stopping them from spending their downtime trawling entire network segments for sensitive information. Second, to avoid data breaches caused by careless behavior, organizations need strong content-level security. By encrypting, tracking and restricting access to files that contain sensitive information, they can mitigate the consequences of misdirected emails and similar incidents.
- You’ll need to do more with fewer skilled professionals: Another issue in 2016 – skills shortages in cyber security increase. This prediction came up time and time again throughout our research. As the demand to defend against cyber threats increase, the resources to achieve this decrease. Skills shortages “will mean that fewer and fewer organizations are able to build or manage cyber security defenses themselves, or even be able to make effective use of cyber security technologies.”
Benjamin Jun, CEO, HVF Labs echoed this sentiment in his prediction that “Microservices will change the build vs. buy debate as identity management and customer data will be increasingly migrated to specialized cloud services in 2016. Developers will insert vetted services and code into their own software, avoid building from scratch, and obtain a security level better than most homegrown offerings. And, for companies who insist on build-your-own, relief is coming in 2017 when container technologies will allow in-house teams to practically manage and integrate microservices of their very own.”
Geoff Smith of Experis commented in one prediction that the “worrying news is that breaches are inevitable, while a shortage of skilled cybersecurity professionals is likely to push up the costs of beefing up defenses and dealing with attacks.”
The build vs. buy debate will never end, but with skills shortages a-plenty, help from cyber security vendors that specialize in network security and data protection is necessary in 2016.
- Customers Care! Increasingly, customers will want to know how you’re securing their data: Malcolm Marshall, Partner and Global Leader, Cyber Security at KPMG said “In 2016, we will see that consumers care about security shock – more businesses will realize that sophisticated customers actually care about security in the products and services and will realize that security, ease of use and “coolness” are not mutually exclusive.”
Allowing customers’ data to be stolen is bad for business. Your customers want to know their data is safe. They want you to comply with regulations and they want you to do everything you can to prevent cybercrime. We previously predicted this trend would continue and it has. Customers want proactive cybersecurity — not reactive analysis and temporary repairs. Findings show that companies are ramping up their spending to prevent cyberattacks after a string of breaches at financial firms and big retailers. This trend will continue.