Virtualization Technology News and Information
Identity Finder 2016 Predictions: You heard it here first, cybersecurity predictions

Virtualization and Cloud executives share their predictions for 2016.  Read them in this 8th Annual VMblog.com series exclusive.

Contributed by Todd Feinman, CEO of Identity Finder

You heard it here first – Identity Finder's cybersecurity predictions for 2016

As the year end approaches, our customers, colleagues, and fellow security professionals in our networks have started asking what our information security predictions are for 2016.

As most information security practitioners are probably also experiencing, many of our friends look at us wide-eyed when we describe some of the zanier things that have been going on on the Internet. In that vein, it'd be easy to dial up the volume on the seriousness of the threats we face online, or propagate some other emotionally tantalizing story that may or may not come true. Heaven knows, there is enough material for those alarmist answers out there.

Instead, what we are trying to do here is to provide some well-reasoned insights and extrapolations for the serious practitioner who makes his or her living from keeping other folks safe online. And so we're trying to focus on predictive accuracy here, true to our brand of providing the highest accuracy findings, and not on sensationalist predictions.

As such, these predictions are arranged to almost tell a timeline story of how trends in information security may evolve throughout 2016:

1. First off, the obvious prediction: Breaches will continue to proliferate in severity and frequency:

  • However, for "Main Street" America, cybersecurity will continue to be more of a privacy issue than a security one, as for most people the damage has not yet hit home; like disasters and accidents, for the majority of folks this is still something that happens to other people
  • And continuing, widespread ignorance of the risks associated with a lack of cybersecurity will keep resulting in exploitable apathy among users and organizations

2. In the absence of a popular outcry, regulatory oversight will continue to strengthen to ensure that lack of awareness does not leave individuals and organizations exposed

3. However, this role will increasingly also expose a double standard with more calls for the government - and politicians - to responsibly adhere to the same policies that they're pushing downhill into the economy and onto the citizenry:

  • Will the FTC exercise the same oversight over other government agencies as they do over the private sector?
  • And/or will the FTC pursue more and more litigation against companies leaking data (e.g. Wyndham Hotels)?
  • What about the surprising naiveté of major politicians and government officials, and their lack of online hygiene:
    • Jeb Bush's leaking of social security numbers, an issue we have blogged about
    • Hillary Clinton's use of private (presumably hackable) email, raising questions such as who owns the content of her emails, since typically after 12 or 24 months ownership of inactive emails reverts to the email service provider
    • News of CIA Director John Brennan's personal AOL email account having been hacked emerged as he announced a new cybersecurity policy for the CIA

4. As fines and penalties grow, and large-scale hacks continue to get exposed, information security will come under greater business scrutiny, some of it driven by boards:

  • This will create a greater intersection between business and security stakeholders, forcing both business leaders and security professionals to become more literate in each other's languages. For example:
    • Very few organizations know how to financially quantify the cyber risk they are facing; justifying increased security investments while breaches proliferate will prompt the need for more predictive accuracy there
    • Very few organizations know how to trade off investments in cybersecurity against other, competing technology investment alternatives
    • Our own research into the correlation between types of post-breach damages and the types of sensitive data they resulted from will prompt requests for security teams to understand their own organizations' correlations there
  • Businesses will continue to look for the quick fix to plug a hole they already have and leverage existing or purchase more insurance.
    • Insurance companies will wind up having more cybersecurity policies and claims
    • And the security industry will continue to adjust and reform as we see more policies having limits and extremely high deductibles

5. In the resulting search for more effective security solutions, enterprise security buying will shift from suite purchasing to best-of-breed purchasing of security solutions, with a greater degree of vendor experimentation and willingness to try innovative, new approaches to information security.

This is our list, what is yours? 

##

About the Author

Todd has transformed Identity Finder into a leader in sensitive data management by helping businesses manage enterprise data and prevent data leakage. He has over fifteen years of experience in the security industry and is an internationally published author and media personality. He wrote Microsoft's own reference book on securing Windows and McGraw Hill's university textbook on managing the risks of electronic commerce. Recently he has appeared on many television and radio shows including the Today Show, Martha Stewart, and Good Morning America. He has written dozens of articles and presented at numerous global conferences on the topics of sensitive data management, data leakage, security, and privacy.

Todd spent ten years at PricewaterhouseCoopers, where he started as an ethical hacker breaking through the IT security of Fortune 100 companies and later took the role of Director to grow their vulnerability management consulting practice. Todd also worked as a product manager for Microsoft in their enterprise server group and was the CIO of an energy retailer in NYC. Todd has a Master in Business Administration from Harvard Business School and a Bachelor of Science from Lehigh University.

 

Published Friday, December 11, 2015 11:30 AM by David Marshall