Virtualization Technology News and Information
Skyport Systems 2016 Predictions: Security Look-Ahead 2016

Virtualization and Cloud executives share their predictions for 2016.  Read them in this 8th Annual VMblog.com series exclusive.

Contributed by Art Gilliland, CEO of Skyport Systems

Skyport Security Look-Ahead 2016

Skyport is in the business of big cyber security ideas, and wants to consistently be chronicled among lists of companies paving the way to create and compete.  This said, we have compiled a list of five cyber-security predictions anticipated for 2016: 

Prediction 1. The emperor's clothes go on full display when software-designed security - specifically the complex web of next-gen firewalls, advanced end-point detection and threat intelligence "clouds" that the enterprise has been sold - finally comes under scrutiny for all its ineffectiveness and inefficiencies. Software-centric tools not only will, but already have, become so difficult to integrate and incapable of solving point solutions that they will be bypassed or rendered irrelevant (i.e. how does any micro-segmentation solution prevent the next Heartbleed from a perfectly trusted source? Or prevent a rootkit, or a corrupted SSD firmware attack vector?). Increased reliance on hundreds (to thousands) of applications will drive organizations to realize that one-size-fits-all software security tools yield far too much risk and that - to protect data and software applications - they need to secure all the way down to individual applications AND the hardware.

Prediction 2. 2016 will be the year when phrases like "corporate homicide" and "drive-by hackings" enter the common lexicon. These are attacks described as politically or ideologically focused (think "V for Vendetta" starring Natalie Portman, or Anonymous hitting AshleyMadison), where shadowy groups target financial, insurance, government, political, gender and similarly divisive organizations (Planned Parenthood, NRA, etc.). The intent of these hacks will fall into three momentous categories:

  • Hack for Profit
  • Hack for Destruction
  • Hack for Political Momentum

... to steal data or disrupt access for public embarrassment, or to cause a shutdown or a decrease in perceived influence or value of that organization.

Prediction 3. At some point in 2016, Average Joe/Jane Citizen will directly experience the result of a hack (e.g. Distributed Denial of Service against a public utility like power, water, traffic controls, credit reports, etc.). When this happens, organizations will suddenly see less acceptance by the general public of a "free Lifelock" account offer, or two years of free credit monitoring, and will instead see demands for monetary, civil and/or criminal recompense following the experience of a degraded quality of life, injury or death as a result of a cyber-attack.

Prediction 4. Spend on the industry pivot to detect & respond will double, but it won't have a measurable impact on breach or incident rate. In fact, 2016 will see the biggest security budgets ever, yet incidents will continue to grow 40%+ (the annual Cybersecurity Market Report estimates that worldwide estimates will increase from $77 billion in 2015 to $170 billion by 2020). Trouble is, legacy technology systems, unpatched software vulnerabilities, and even weak login credentials will remain basic security steps that organizations will fail to shore up, allowing access by potential intruders. As a result, organizations will realize that more funding is not the silver bullet - and that security solutions are not a question of resources - but will instead begin to focus on an overall overhaul of antiquated security systems.

Prediction 5. CEOs, with demands from investors and constituents, will increasingly be asked to measure cybersecurity ROI and present readiness reports, responding to demand that organizations recognize that a breach is no longer a question of "if" but "when." Board reports will be required to deliver strategies that ensure fast and effective security decisions are in place to protect companies and business - from both a market and reputation perspective. Security will no longer be viewed just as a means of protecting a business's information, but as a critical element in maintaining trust with the public and customers, building a company's reputation, as well as safeguarding data, IP and critical infrastructure. This will all influence higher-level issues like maintaining competitiveness in the market, stock price, and shareholder value.

##

About the Author

Art Gilliland, Chief Executive Officer

Art is a 15-year veteran of the security industry, most recently serving as the SVP & GM for the Enterprise Security Products group at Hewlett Packard. Prior to that he was the SVP of Information Security Products for Symantec. Before Symantec, Art led the product and marketing teams for instant messaging security start-up IMlogic, which Symantec acquired. Recognized as an information security expert, he also holds several key patents in security and is a Certified Information Systems Security Professional (CISSP). Art earned a Bachelor's degree in Economics from Carleton College and a Master's of Business Administration from the Harvard Business School.

 

Published Friday, December 04, 2015 6:34 AM by David Marshall