BreachExchange mailing list archives

Beyond big breaches: Cybersecurity predictions for 2016


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 7 Dec 2015 18:10:10 -0700

http://www.itproportal.com/2015/12/07/beyond-big-breaches-cybersecurity-predictions-for-2016/

In 2015, buried beneath the seemingly constant news about major data
breaches (see Ashley Madison, the U.S. Office of Personnel Management,
Anthem, etc.) was the fact that business leaders are getting a better
handle on the significance of cybersecurity. While cybersecurity remains a
pain point for most organisations, the C-suite and general IT pros are
gradually becoming more security-savvy, and that should be viewed as a
positive. A lot of work is yet to be done in the world of cybersecurity —
reflecting on what we’ve learned this past year, here are five things we
expect to see in 2016:

1) Election-year debates will be inundated with talk about privacy

Regardless of party affiliations, candidates will continue to share their
positions about privacy and the data-gathering of public and private
organisations. The unfortunate reality is that none will likely advocate
for the considerable changes needed to substantially upgrade the security
and stability of threatened US infrastructure.

Despite increasing vulnerabilities (think: OPM breach), classified
information theft, and evidence of nation-state and organised criminal
activity, US candidates will not focus enough on the actual protection of
critical systems, data and services.

In the year ahead, personal data privacy will remain the top focus, and the
weight given to this issue will muddle the difficult discussions of
investment and change needed to create an environment that can ensure
privacy. Expect more finger-pointing in the wake of new attacks and
breaches, but few proactive plans to address familiar and long-standing
weaknesses in federal information technology systems.

2) Cybersecurity goes mainstream

Overwhelmed by a sea of new monitoring, endpoint and threat solutions,
organisations are still struggling to make sense of the technologies while
trying to secure executive buy-in and funding for new initiatives. In 2016,
we expect to hit a tipping point and ultimately see the technologies and
jargon used to define security become simplified. Less-dense terminology
and more accessible, user-friendly security software will encourage new
investment from non-security IT staff, and will shift the perception of
value in the market.

3) Terrorist-sponsored cyber attackers will increase impact and visibility

The irregularity and secrecy of cyber-attacks will cause an increase in
political and protest-oriented attacks next year. Worldwide political
tension over immigration, global warming and socioeconomic inequality, and
ongoing conflict in the Middle East and Eastern Europe will create
opportunities and targets for message-driven attacks against both the
online presence and infrastructure of organisations and governments. Expect
to see a groundswell of inconvenient and embarrassing disclosures, with
some concentrated attempts to shut down systems or communication channels.

4) Training and certification programs will be more widely available

With projected cybersecurity headcount deficits hitting the millions,
expect an influx of providers offering to educate security-capable analysts
and implementers at reasonable cost. Coursework from existing specialised
vendors like SANS and CyberAces will be refined, online and on-campus
institutions will provide college-level courses, and new certifications may
emerge that demand less depth of skill than the established credentials
for security practitioners require.

Organisations will continue enhancing their IT staff with security-trained
personnel, but will aim to do so at a lower cost than that required by
today's CISSPs and established security analysts.

5) A rise in civil liability settlements will force industries to classify
practical cybersecurity requirements

Prior to 2014, almost every class action suit filed against companies that
lost customer or employee private information was dismissed, citing a lack
of provable, proximate damages to the victims. In 2015, we saw more
settlements from large companies (Sony, Target) and smaller organisations
(AvMed, New York-Presbyterian Hospital, R.T. Jones). Suits are also
moving forward between insurance companies and their cyber-insurance
policyholders over what should be covered and whether policy terms have
been breached.

The participation of insurers, large institutions and the improved
understanding of the gravity of these breaches will combine to quickly
increase the number of cases brought to court. Financial liability will
encourage industries to establish required – not recommended – best
practices.

Anticipate cybersecurity dominating tech news and trends throughout 2016.
As the C-suite and IT teams continue learning more, they will need to
commit time (and dollars) to better understand cybersecurity risks and
identify new solutions in the year ahead.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
