2015 has again seen high-profile breaches take place, with mixed reactions on the approach to remediate the issues and restore consumer confidence.
This underlines the necessity of taking action ahead of a breach, by putting in place best practice, which in turn underpins a coherent plan for incident response.
With executives increasingly coming into the spotlight when things go wrong, including CIOs and CEOs, taking action rather than just reaction must go to the top of the “to do” list for the boardroom agenda in 2016.
Here are 11 other trends that are set to dominate the security world in 2016.
1. Back to basics
We continue to see how organisations react when breaches happen, but for an incident response to be fully effective, it relies on robust preparation and good practice.
Processes, procedures and awareness are essential ingredients for risk mitigation, along with the right technologies to help protect from and detect any malicious activity.
NTT Com Security’s 2015 Global Threat Intelligence Report highlighted the need for organisations to concentrate on getting the basics right. It showed a staggering 76% of the vulnerabilities identified had been known for two or more years.
Nearly 10% were over ten years old. Getting the fundamentals right that put risk in context for organisations is the foundation of a coherent and thorough response plan.
2. Intelligence-led approach
There will be a much greater emphasis on intelligence-led security, as traditional technologies fail to deliver tracking of security incidents and behaviours and are simply unable to analyse the huge amounts of data from across a customer’s network.
There will be more widespread adoption of real-time monitoring and advanced analytics with businesses responding quickly to incidents based on clear actionable intelligence.
3. The resurgence of phishing
Vigilance around phishing emails, particularly spear phishing (targeted attacks), will be important in 2016. Phishing is not new, although cybercriminals continue to capitalise on opportunities in the market.
For example, with recent high-profile breaches of customer data, those affected may legitimately expect an email from the organisation concerned on what action they should take (e.g. changing password credentials).
In these instances, phishing is likely to be rife and it is easy to take these emails at face value. All relevant (and legitimate) information should be on the organisation’s own website.
4. The ‘visibility of things’
The Internet of Things (IoT) has often been linked to consumer goods, but IoT devices are becoming more common within enterprise and industrial environments, as they potentially offer both efficiency and convenience.
However, from a security perspective, these new connected devices must be managed in line with an organisation’s overall security strategy. This will lead to the ‘visibility of things’: the need for organisations to monitor the devices themselves and also the way they are being used, and by whom.
NTT Com Security’s report noted that the security perimeter is shifting – with seven of the top ten vulnerabilities identified at the end-user level. And whilst IoT can offer business value, the risks must be balanced against the benefits.
5. Attacks on payment card data
Businesses can expect continued attacks targeting payment card data wherever it can be found, along with attempts to commit financial fraud with stolen banking credentials or via social engineering tricks like spear phishing emails.
6. State-sponsored attacks
Despite the appearances of some small steps towards political reconciliation between the likes of the US and China, there will be a continuation of state-sponsored hacking targeting government, defence, and other strategic sectors of the marketplace.
More malicious types of state-sponsored hacking are likely to occur over the next year. Rather than espionage against strategic industries, there may be sabotage attempts against any western targets of opportunity. These attacks may be launched by the state itself or may be “patriotic” actions by Russian identity thieves who already have the skills and tools to pull off these kinds of attacks.
7. More fallout from Snowden
The fallout from the Snowden leaks is starting to impact the relationship between the US and Europe. The invalidation of the Safe Harbour agreement, which allowed private companies to share personal data between the EU and US, will likely lead to an increased focus on security for this private data when it does cross borders to keep it out of the hands of US intelligence agencies.
Coupled with legal efforts to force US companies (Microsoft) to divulge data about foreigners that resides on foreign servers (Ireland), this could lead to an even deeper backlash against US technology companies and a migration towards domestic alternatives across Europe.
Similarly, efforts in the UK, such as the so-called ‘Snooper’s Charter’ may also alienate companies, pushing them to move operations to countries like Switzerland and Iceland that have come out in support of stronger privacy protections.
The Snowden leaks are also having another major effect on the industry. As smaller countries, some with repressive regimes, scramble to acquire the same capabilities that the US, UK, China and other major powers have, laws and treaties are being passed in order to prevent the proliferation of the tools and knowledge essential for hacking and online espionage.
Similar to the concerns about car hacking laws, there are concerns that these laws will do more to prevent legitimate security research, leaving more exposed vulnerabilities.
Unfortunately, the losers in most of these scenarios are private businesses and consumers as they are faced with an increasingly hostile internet where criminals and governments attempt to steal their money, gather IP, and disrupt their activities, while domestic governments force companies to turn over this data and punish the individuals who are trying to make the internet more secure.
8. The security industry
Information security is an ever-changing field. As new technologies are developed, they create new security risks, while researchers are still finding vulnerabilities in some of the oldest technologies used online.
Staying on top of these new developments is a challenge. A new broader focus on security is set to emerge that goes beyond servers, workstations and communications infrastructure, growing to encompass appliances, vehicles, factories, utility infrastructure, medical devices and a myriad other devices that will end up connected to the internet over the next few years.
High-profile breaches, hack demonstrations (like the Jeep hack) and Snowden have all helped bring the topic of security into the public consciousness like never before.
With consumers becoming aware of the value of their information and the importance of protecting their privacy, companies will be forced to design security into their products.
This has already been seen with the new security controls Apple has implemented on the iPhone and its resistance to US government legal efforts to force it to bypass this security.
9. The connected car
Modern (connected) cars are complex systems, which contain up to 100 electronic control units (ECUs). These control all-important functions of a car, including brakes and the engine.
More and more of these ECUs are connected not only with the internal network of the car, but also via the internet. This exposes them to a variety of threats, e.g. exploits of the telematics system to suppress the anti-theft system or inject unauthorised software to control the brakes.
At the same time, the software and the controller area network (CAN) in the different vehicle units of car manufacturers vary, which makes it rather complex to perform penetration and other security tests.
Car manufacturers and regulators will need to place a stronger focus on cyber security. There is a rapidly increasing need for skilled cyber security experts. At the same time those talents are rare, especially those who are specialised in car security.
Both manufacturers and regulators will have to build up internal competencies, but they will also rely on external knowledge. Regulators on both sides of the Atlantic will also have to deal with the issue of data residency and compliance regulations.
10. Machine learning
There will be increased emphasis in areas like machine learning, a subset of artificial intelligence that gives computers the ability to learn without being explicitly programmed.
In the context of information security and risk management, a highly advanced analysis engine based on machine learning can make it extremely difficult for hackers to bypass detection, which means users can proactively mitigate risks from complex and emerging security threats.
There will be greater focus on advanced analytics – looking for the needle in the haystack – and increased awareness that organisations need to reduce complexity and have greater visibility across their estate.
Most companies have in place controls and processes to manage BYOD – mobile devices like phones and tablets – but wearables (WYOD) and connected devices are not yet typically considered part of an organisation’s risk management strategy.
As more devices become connected, the security implications will grow. The focus should be on effectively managing the increase in log traffic. Most of these devices will not be looked upon as a security risk, but they can (and will) be exploited as any other connected device.
TVs with microphones, personal monitoring and privacy are all potential entry points to an organisation’s infrastructure. Businesses will need to ensure they put in place the necessary policies as an extension of their BYOD policy, before banning wearables – as they may enable innovation and personal efficiency.
Sourced from Stuart Reed, Chris Camejo, Kai Grunwitz and Garry Sidaway, NTT Com Security