It’s been a crazy year full of exponential growth and change in the security world. But as the year winds down, it’s time to reflect on what we learned and start focusing on the new challenges and opportunities that await us in 2016
We took the chance to ask some leading cyber experts for their thoughts and predictions for the upcoming year and here’s what they had to say:
Doug Meier, Director of Information Security at Pandora
With 2016 right around the corner, Doug believes security professionals will retool the way they think about cyber security overall. “Network perimeter defense are inadequate to the enterprise cloud security concerns of today and the future,” he states. “2004 seems like it was a hundred years ago. Forward-thinking CISOs are going to realise that information security is no longer ancillary to the product. Security is the product.”
With 2016 approaching, Doug foresees some challenges down the road. “One concern is that DevOps work, conducted mostly at the API integration border, may be moving too quickly to accommodate rigorous security testing. Another is that with the IoT being, by definition, devoid of adequate security controls, low-cost convenience may rule the day.”
But he also anticipates some notable improvements. “There’s a growing awareness at non-technical leadership levels that security isn’t a one-off, but a constant. And, cloud vendors are beginning to understand that SSO integration is a must-have feature.”
David Duchan, Senior Security Solution Engineer at a Major Global Retailer
In the “BYOx” world we live in, where users are installing productivity apps left and right, David predicts an exponential increase in smaller scale data exposures. While not all of them will be highly critical exposures, the sheer volume may become difficult to manage and the cumulative effect could be alarming.
“To combat this, companies need to embrace the desire for collaboration capabilities, while putting controls in place to only allow whitelisted applications and platforms to be installed or enabled in their environment.”
When asked how organisations should adapt their approach to security going forward, David emphasised how important it is to control your environment. “Investing in application and device control tools, and accepting that there is a cost to securely enabling productivity returns the power back to the company.”
Paul Locander, Senior Director of Global IT & CISO at BroadSoft
When anticipating upcoming shifts in the cyber security space for 2016, Paul expects organisations to adopt what he calls an offensive defense. “I predict that the cyber security space will become more aggressive in tackling threats in real time as much as possible,” he said. “Somehow, companies will start taking the fight to the attackers...well at least I would like to see that!”
When thinking about upcoming challenges, Paul believes that companies will have to split their focus between preemptively preventing today’s threats while proactively anticipating those to come. “Organisations will start to become more aggressive in securing the end-points,” he says. “That is the greatest, softest attack vector being gone after today. The biggest challenge will continue to be forecasting what the next attack frontier will be tomorrow.”
David Meyer, Co-Founder & VP Product Management at OneLogin
David believes that 2016 will be the year when security finally comes front and centre. “Modern enterprises will view cloud identity and security initiatives as critical business accelerators, rather than additional activities to meet compliance mandates.”
He also predicts a shift toward cross-platform identity management in the coming year. “Multi-factor authentication (MFA) will become more ubiquitous,” David believes. “It will be leveraged in the identity management platform to secure all applications rather than being restricted to individual apps.”
Overall, David foresees intelligence in the cyber security space becoming more fluid and flexible. “When it comes to detecting outlier behavior and mitigating risk, security policies will become more adaptive to context, rather than being defined by hard rules.”
And me, Yishai Beeri, Director of Cyber security Research at CloudLock
Personally, I believe 2016 will bring about a newly heightened focus on protection against cloud malware. What you once thought was confined to the network is now rising to the cloud. This is going to become top of mind as organisations consider adding a CASB or other cloud security solution to their arsenals.
I also anticipate a large shift toward integration and consolidation in cloud security solutions. With the rising adoption of multiple SaaS, IDaaS, IaaS and PaaS environments - and a growing base of cloud security vendors - there’s an increasing need for security solutions to talk with each other, bringing cross-platform insights and alerts to a single pane of glass.
Accelerating cloud adoption is sure to boost productivity for organisations, but it’ll bring new risks as well. The user is the weakest link when it comes to data breaches, and with just 1 per cent of users responsible for 75 per cent of risk in the average organisation, 2016 should be an interesting year.
What Should You Be Doing To Prepare For 2016?
Gear up for the new year by understanding where your risks lie. Cyber attacks today target users - not an organisations’ infrastructure. While businesses are clearly embracing the power of cloud applications, internal users, external collaborators and third-party apps are dramatically increasing the threat surface for new cloud cyberattacks.
As technology leaders wake up to this new reality, security programs will be re-engineered to focus where true risk lies: with the user. By involving the most active users in the security process, organisations can rapidly mitigate the majority of cyber security risk.
Yishai Beeri, Director of Cyber security Research at CloudLock