Security in the spotlight

With data breaches and security vulnerabilities increasing year after year.  Matt Middleton-Leal, regional director UK & I at CyberArk, offers his predictions for 2016.

  • 9 years ago Posted in
(1) Cyber security skills gap and the self-protecting network
In many organisations, keeping pace with the rate of emerging threats has put an enormous strain on IT security teams who are trying to get ahead of motivated attackers. In many cases, that requires advanced training for those who work in industries impacted by the increasingly complex Internet of Things and new skill sets that extend into rapidly growing areas like behavioural analytics. Investments in technologies that automate alerts on suspicious behavior or automatically contain threats can shoulder some of the burden. The emergence of a ‘Self-Protecting Network’ – a network that will learn to protect itself once an attack is detected - may be a response to the skills crisis.
 
(2) Data breaches put consumer privacy and Internet of Things in the security crosshairs
The VTech data breach could very well be the watershed moment for consumer privacy and Internet of Things (IoT). However, according to the Altimeter Group, 87 percent of consumers don’t have any idea what the term “Internet of Things” means. That will need to change quickly. In the coming year, consumers will need to be better equipped to ask questions about how their information can be collected by vendors, and understand how this information can be breached if not properly secured by the vendor. The risk to consumer security arises from the single insecure IoT device being connected to the home network or other devices – for example, the case of the smart kettle, through which the home network could be breached and connected devices accessed. These risks for consumers can be even higher for organisations. As the connected workplace fast becomes a reality, security concerns surrounding IoT will continue to grow. While smart devices hold the promise to make our working lives easier, they are too often rushed to market and not designed with adequate security in mind, making them a significant risk for enterprises, particularly as their usage becomes ubiquitous and the number of devices increases.
 
(3) Cyber crime and crimeware find juicy targets in enterprise
Looking back at 2015 there were several reported instances of extortion, which threatened to halt victim organisation’s operations or IT. In 2016, these attacks will become more aggressive, targeting the theft of financial information, threatening to publish damaging information and the rise of enterprise-wide ransomware. Incidents of ransomware will escalate as attackers find more creative ways to blackmail individuals and corporations; attacks will continue to morph and adapt to enterprise environments and take approaches like embedding worm-like behaviour and targeting application credentials to new levels. This activity may also be the impetus to further evolve and refine the global cyber insurance industry to increase protection for enterprise victims. In the U.S., we could witness cyber attack risk and preparedness having a greater impact on organisations’ credit analysis and bond ratings.  
 
(4) Physical and cyber terrorism converge on critical infrastructure
In 2015 we saw devastating acts of terrorism impact the global community. In 2016, we’ll see more convergence of physical and cyber terrorism. For example, we’ve already seen airlines being hacked into – instead of using the hacks to “bring a plane down,” the hacks could also be used to create confusion at an airport or similar hub (shutting down a ticketing system for example). We may see greater coordination between these two types of attacks – using a cyber attack to cause mass confusion and a physical attack to cause maximum damage. In addition to transportation, attacks targeting what is also considered “critical infrastructure” could impact health systems, financial markets and energy grids.  
 
(5) Cyber-treaties and legislation
Countries are introducing more legislation to try and curb malicious cyber activity, while entering into broad agreements to shape of the future of cyber-warfare. The risk is that regulations passed in countries could do more to harm technology advancement than it will curb malicious activity. To determine the long term impact of the German IT security law, EU Network Information Security (NIS) directive, and other examples like the Australian Signals Directorate (ASD) cyber intrusion strategies, it is necessary to find the tipping point between too much government involvement, and not enough. Defining compliance and holding organisations accountable for non-compliance will also play a role in determining if governments can flex their muscles on cyber security – and make a real impact.


(6) The encryption debate – can we balance encryption and civil liberties?
The terrorist attacks in Paris have renewed an ongoing debate being held since the Snowden revelations – should every day consumers have access to encryption technology? Does the need to monitor terrorist activities outweigh the privacy rights of citzens in blocking their communications?  Bottom line – will we see greater encryption and freedoms for citizenry, despite the security costs, or will 2016 be the year of greater civil liberties curtailment?  In some parts of the world, many citizens have already expressed their willingness to give up their privacy for increased cyber security.
 
(7) The Manchurian Candidate arrives
In the past 3 years, the US Federal Government and private business have sustained massive breaches of private information. As with the U.S. Office of Personnel Management and airline breaches, the question asked often is “what did they steal,” while the question often un-asked is “did they enter any information INTO our systems?” Will 2016 be the year that we discover that a spy, terrorist, or other government actor was actually vetted and approved based on information ADDED during a breach?
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...