IT Focus Area: Security
January 15, 2016
5 Security Predictions for 2016
The security threat landscape continues to change and present new challenges. Here are five predictions for 2016 that we think are worth preparing for.
1. Better Use of Threat Intelligence
The challenge: The best form of defense against attacks and those who perpetrate them is to know about them. Defenses against cybercriminals have failed to reach their full potential at least in part due to a lack of information sharing. Collaborative defense has become critical to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good-quality intelligence is hard to come by. In 2016, organizations will attempt to enhance their intelligence-gathering capabilities and start coordinating with industry peers.
What you can do: Per Gartner, by 2018, 60 percent of large enterprises globally will utilize commercial threat intelligence services to help inform their security strategies. Organizations can use threat intelligence technology and services to gain visibility into threat activity, facilitate automation and help guide cyber security activities. However, it is important to note that cyber threat intelligence is a confusing space, and sorting through threat data to understand the risks to your organization can be overwhelming. You may find it best to partner with an independent technology provider that can perform threat assessments, customized product testing and other services to determine which sources are best suited to help protect your organization, and help you effectively ingest the information they provide.
2. Insiders for Sale
The challenge: Cybercriminals routinely use darknet services and untraceable peer-to-peer networks (e.g. Tor, I2P, Freenet) in an effort to sell and exchange tools and services. The ultimate goal of outside attackers is to become insiders, and stolen credentials will be a hot commodity in 2016 with an eye toward that goal. Specialized Dark Web marketplaces are likely to develop based on industry and sector—giving malicious actors the chance to buy insider access to high-profile targets.
What you can do: Solutions such as dark intelligence platforms and context-aware behavioral analytics can help organizations gain visibility into darknets, advance their monitoring capabilities, and establish baselines for normal user behavior so that anomalous activity can be quickly identified. Pay special attention to users with privileged access, and audit the security practices of your service providers, contractors and other business partners. Consulting services such as security program assessments, vulnerability and compromise assessments, identity and access management strategy planning and incident response services help to ensure optimal protection from both internal and external threats.
3. The Rise of the Machines
The challenge: Gartner predicts that 6.4 billion connected things will be in use worldwide in 2016—up 30 percent from 2015—with 5.5 million new things getting connected every day. As demand for Internet-connected cars and home security and automation systems increases, and wearables gain popularity, cybercriminals will try to exploit them. The supervisory control and data acquisition (SCADA) systems typical of auto manufacturers do not provide sufficient security for connected cars. In 2016, we are likely to see more attacks aimed at the automotive field, and at wearables and smart appliances such as washers, dryers, refrigerators, security systems, thermostats and lighting as cybercriminals try to access employee smartphones and tablets and get to corporate data. Some experts even predict that attacks on cars, medical wearables and other devices will lead to home invasions, injuries or even death.
What you can do: Organizations should view security through an IoT lens, and evaluate solutions such as secure remote access (VPN), multi-factor authentication and mobile device management (MDM) that can help mitigate this issue. Vulnerability management, mobile security and identity and access management services can help you understand the types of data these devices are collecting, and limit network access not just at the user level but at the device level, so that compromised wearables, connected cars and home devices cannot use an employee’s mobile device as a proxy to get in.
4. Multi-factor Authentication Will Pick Up
The challenge: Rising security risks and the demand for seamless and secure access across any device, anytime, are accelerating the need for better authentication. A startling lack of two-factor authentication played a role in the massive data breach at the U.S. Office of Personnel Management (OPM). And the June 2015 breach announcement by LastPass—a leading password management service—demonstrated that password management has hit a serious stumbling block. In 2016, we’re likely to see broader adoption of two-factor authentication to better protect log-ins.
What you can do: Multi-factor authentication and identity and access management solutions can help organizations secure access to corporate networks, protect the identities of users, and ensure that users are who they claim to be. Identity and access management services including strategy assessments, multi-factor authentication technology assessments, and implementation and tuning help you deliver accountability and transparency of access to the business.
5. Prevention Will Make a Comeback
The challenge: Recognizing the impossibility of a 100-percent-secured environment, many organizations have essentially abandoned the idea of prevention to focus their efforts on detection and response. The fact that only 4 percent of 245 million records compromised during the first half of 2015 were encrypted highlights this issue. Forrester expects spending on prevention to rise 5 to 10 percent in 2016, proclaiming, “You may have heard claims that prevention is dead. This couldn’t be farther from the truth.” In 2016, organizations will take a more balanced approach to prevention, detection and response.
What you can do: Ensure that basic security practices are in place. Proper password and authentication policies, patch-management procedures, firewall and IPS configuration, and log review procedures are among the practices that should be well-established. Encryption can help to prevent data loss by rendering data useless in the event of a breach. Developing a strategy that incorporates encryption with key management, access control and SSL decryption can increase your ROI in security. Additionally, many vendors now offer next-generation endpoint security technology that employs exploit prevention techniques, including solutions that detect and block viruses, malware and spyware through machine-learning algorithms. As prevention is enhanced, take steps to ensure that integration and visibility efforts are linked to mature incident response processes. Vendor-independent product testing and security assessment, strategy, and design services that focus on detecting and responding to threats in conjunction with preventive measures can be of tremendous value.