- Hackers will truly embrace the ‘Internet of Things’:
We’ve been talking about the ‘Internet of Things’ (IoT) for some time, but in 2016, IoT will rapidly expand the attack surface and present a very real threat to individuals, businesses and governments.
Adversaries will exploit the influx of connected devices – everything from watches to cars to critical national infrastructure – to obtain personal and sensitive information. IoT represents the next battleground as we move towards smarter environments and adversaries advance their tactics to take advantage of new vulnerabilities that arise.
- When it comes to security, CEOs will take the hot seat:
In light of the frequent and destructive data breaches we’ve seen over the last two years, CEOs will be at the forefront in leading the response to a cyber breach. Increasingly we will see these breaches fought in courtrooms and newsrooms, as well as on laptops and networks. Cyber risk will be top-of-mind for boards, elevating the CISO beyond traditional IT. And with this, enterprises will be increasingly responsible for the information security of consumer data.
- As the threats evolve, so do the tools – organisations will find new ways to protect their data:
While organisations still spend on traditional perimeter ‘blocking’ security technologies such as firewalls, mobile platforms have transformed the network, putting the new perimeter essentially in your pocket. To keep pace with the changing network, I predict that 2016 will bring a shift in how organisations protect their data.
New cybersecurity tools and techniques will focus on applying big data analytics and automation to the threat landscape, as well as internal users and operations. Additionally, new methods for managing user identity will cross into biometrics and across cloud platforms, and we will see the increasing adoption of advanced consumer security and identity products and services.
- Meanwhile the Adversary is not standing still:
The evolution of the adversary landscape will be shaped by four key trends in 2016:
- Criminal syndicates go mobile, digital, social and cloud-enabled, having built a sophisticated underground marketplace for malware, information, technical expertise and service brokers. Cyber criminals are increasing their community focus, global reach and sophistication.
- Advanced Persistent Threats are in a class of their own – Nation-state and APT actors will continue to penetrate networks and avoid detection for extended periods of time, evading traditional security countermeasures.
- Industry vertical specialisation – Adversaries are becoming expert in exploiting the business processes and value chains of less cyber-mature vertical industry groups, such as healthcare, energy, media and entertainment.
- Vulnerabilities old and new – A large and worrying proportion of attacks will continue to prey on old vulnerabilities in standard software and operating system versions that are poorly managed and updated. New vulnerabilities in mobile devices, operating systems and applications will outstrip more traditional areas of focus.
Andrzej Kawalec, CTO Enterprise Security Services, HPE