BreachExchange mailing list archives

New year, new trends in cybersecurity


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 18 Jan 2016 18:07:13 -0700

http://www.itproportal.com/2016/01/18/new-year-new-trends-in-cybersecurity/

From the TalkTalk breach to the Ashley Madison scandal and the VTech
attacks, 2015 bore witness to an unprecedented number of cyberattacks. The
publicity and customer disappointment that surrounded them certainly
brought cybersecurity to the fore and into the public eye.

With many of these attacks being on a very large scale, and felt by a host
of different industries, it would seem that hackers are desperate to get
their hands on our data, and are using increasingly sophisticated
techniques to get to us through the companies we trust.

In 2015 it was clear for all to see: cybersecurity is no longer just an IT
issue, it’s a business issue, and a serious breach can lead to customer
loyalty, public image and share price all being severely affected. With
this in mind, if businesses make one resolution for 2016, it should be
to put cybersecurity at the forefront of their agenda and protect their
data and customer trust alongside it. Here’s my take on the trends to look
out for in the year ahead:

Insecure digital services are the biggest threat

Whilst securing digital services can be expensive, it’s much more expensive
not to in the long run, as these days an upcoming threat is no longer an
‘if’, it’s a ‘when’. Acknowledging the need for security measures from the
outset is the attitude CSOs should adopt in 2016, and digital service
providers should build effective cybersecurity measures into their
application development lifecycle from square one. It’s up to these
companies to ensure that consumers and enterprises don’t place their trust
in digital services that are fundamentally insecure.

Don’t let IoT send best security practice backwards

This is more important now than ever, what with the ever-increasing
applications of the Internet of Things we’re already seeing in 2016. But
the rush to join the IoT revolution means that security is, once again,
becoming an afterthought for many companies. This shouldn’t be the case
though, for as the IoT market size increases exponentially, hackers have an
expanded surface area. What’s more, when devices are communicating with each
other across manufacturers, there’s a security gap that hackers can
manipulate. If manufacturers focus on securing their smart products from
the development stage, they’ll ensure that hackers don’t cause the exciting
developments in IoT to take a step backwards.

The rise of artificial intelligence

Investment in artificial intelligence will aid IT departments in their
efforts to identify breaches before the damage gets too severe. Through
threat analysis, threat detection and threat modelling, the predictive
security solutions that AI facilitates save time compared to manual
efforts, enabling a company to react to a breach much more quickly and ensuring
the company does not lose any further data. The potential for AI’s
development in this area is huge, and if CSOs can find the right balance
between AI and human endeavour, they’ll be taking a significant leap
forward in their security efforts.

Is the password dead?

In 2016 it will be really important to educate your staff on the importance
of security, too, so that your organisation’s security is bolstered at
every single level. The humble password is on the decline, and companies
must ensure that employees accessing company networks are authenticated via
multiple layers of protection rather than a traditional one-word password.
This is especially true for companies that hold valuable intellectual
property and sensitive data.

Combating ransomware is imperative

Combating ransomware should be another area of focus for CSOs this year, as
it’s becoming an increasingly popular business model for cybercriminals,
and will continue to pose a significant threat. When a breach occurs via a
ransomware-based attack, it’s important not to pay out – the ransom is,
after all, what funds cybercriminals in the first place and contributes to
the continuation of this method. Companies should focus on combating
ransomware, rather than paying it off. What’s more, with new rules proposed
by MEPs, technology firms and those running critical services will have to
report cyberbreaches. Having this information in the public eye will make
paying off ransom less effective, as these breaches can no longer be
brushed under the carpet.

What the Safe Harbour ruling means for data hosting

With the new rules on disclosing breaches proposed by the European
Parliament, and the Safe Harbour ruling that occurred in October,
cybersecurity is a growing government priority. The Safe Harbour ruling in
particular has forced major technology companies to overhaul their
operations to stay on the right side of the law. For businesses in Europe,
these tougher European Data Protection Laws mean that contracts with cloud
vendors and managing data flows will be a huge priority when it comes to
staying within the law. Meeting growing privacy concerns of European
customers that want to know how and where their data is being stored should
be at the top of their lists, too.

It’s certainly set to be a challenging year for IT departments worldwide.
Now more than ever companies must ensure they’re doing all that they can to
protect business and customer data, so their reputation doesn’t hang in the
balance.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
