It has been pretty much agreed by tech execs that when it comes to cyberattacks and data breaches, the issue is no longer "if" but "when". With that in mind, the shift in 2016 may be from incident prevention to incident prediction.
That is the forecast of Richard Greene, CEO at Seculert, a security analytics firm in Silicon Valley. Greene said cyber criminals are always one step ahead of IT security experts, but it's time to reverse that trend. That requires a new focus on understanding when security incidents will most likely happen in the first place.
Successful cyber defense in 2016 should be all about effective strategy, Greene said. He shared his thoughts with Information Management on what he expects will be the top trends in information security in the New Year. CIOs and CISOs should expect the following:
Prediction will become the top focus of security.
“Up until 2014, the cybersecurity industry considered prevention to be their sole objective. Sophisticated enterprises then began to complement their prevention strategies with detection technologies to get the visibility on their infrastructure they lacked. In 2016, prevention will emerge as a new priority with machine learning becoming a key tool for organizations that want to anticipate where hackers will strike,” Greene says.
The adversary continues to get smarter.
“Common cyber criminals will no longer be the most common threat,” Greene notes. “Sophisticated criminal gangs with modern organizational models and tools will emerge as the primary threat. Besides being well funded these attackers have the luxury of time on their side, so they’re able to develop more advanced techniques not yet anticipated by the cyber-defense community.”
Governments go on both cyber-defense and cyber-offense.
“Public sector hackers will rarely attempt the kind of attack we saw in Ukraine this year, but we can expect a growing number of state v. state reconnaissance attacks as cyber ‘armies’ research the strengths and weaknesses of their opponents,” Greene explains
Money is no longer the sole motivator.
“Rather than hacking for just for financial gain, in 2016 we’ll see cybercriminals infiltrate to cause physical damage,” Greene predicts. “Hacktavist groups have already proven they are not motivated by money, but rather by a cause. When money is no longer the motivator, infrastructures, priceless artifacts and more are put at risk.”
The Internet of Things expands the attack surface.
“Anything that is connected to the Internet can be an attack surface. It’s just a matter of time before you discover the Fitbit on your wrist or the thermostat connected to your WiFi can be used as the starting point to penetrate corporate and government networks,” Greene says.
The CISO will have a new and expanding role.
Finally, Greene says the responsibilities of IT security leaders “will shift from managing tedious work cycles on uncovering, analyzing and reporting threats, to an elevated role where they must think proactively and strategically to ensure the greater enterprise can achieve its strategic goals.”
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access