Cyber cold war to heat up in 2016
As the cloud and Internet of Things (IoT) continues to grow, so grows the reality of bigger security threats. The average consolidated total cost of a data breach is $3.8 million, according to a study by IBM. This represents a 23 percent increase since 2013.
In October, President Obama proposed a $14 billion budget for cybersecurity efforts in the government. Clearly, the stakes are high. So what might 2016 hold for security in the enterprise? Experts across the tech industry weigh in.
Cloud disaster recovery planning is imperative
Karl Triebes, CTO and EVP of product development at F5 Networks, Inc.
We’ll see a reinvigorated push for cloud disaster recovery plans as enterprises move more and more of their data to the cloud; many of them are still backing up to their own data center. Redundancy is their insurance policy, and in the event a cloud provider goes down, business is expected to run as usual. With data breaches and cyberattacks on the rise, enterprises are on edge, and the cloud is a top security concern. Major cloud service providers haven’t been hacked … yet … but enterprises need to be prepared. That’s why 2016 will be the year of cloud disaster recovery planning.
Andy Rouse, product manager at Spanning Cloud Apps, LLC, newly acquired by EMC Corp.
Cloud security: High likelihood of a significant data loss event in SaaS solutions next year — most likely due to a hacking event. This would obviously underscore the importance of the need for SaaS data protection for customers. The Sony hack is just one of many examples of catastrophic and near-catastrophic security lapses that resulted in significant data loss. It reinforced the imperative for security measures, security training and a protected backup of corporate data.
Cybersecurity operations will grow with automation and PII
Haiyan Song, SVP of security markets at Splunk. Inc.
Organizations will begin producing their own threat intelligence, and cybersecurity operations will grow and become a competitive advantage. While security has been seen as a cost or even impediment to the business, companies will begin to cite cybersecurity as a competitive advantage. As we enter an era of information sharing in the cyber age, this dedicated threat intelligence operations within organizations will help fuel cybersecurity information sharing.
Automation and incident response will grow within security solutions. Security analytics and anomaly detection will be about automating and making it less dependent on humans, letting companies detect threats and respond without having to hire skilled analysts. Incident response will become a larger part of organizations’ security solutions, including automating the remediation.
The explosion of Personally Identifiable Information (PII) in the public sphere will lead to new means to improve identity authentication. Identity and compromised credentials as a new attack surface will attract a lot of development and innovation in terms of strengthening authentication. Rather than multi-factored authentication, there will be a push to get away from methods such as passwords and authentication will become sophisticated but also easy to use.
IoT products will be forced to focus on security
Chris Klein, CEO of Rachio, Inc.
Seventy-one percent of consumers fear their personal information may get stolen by using smart home products. In fact, consumers say they are more worried about this than they are about the cost of the technology. As IoT products continue to connect more and more aspects of our lives, it means more and more of our private information is being entrusted into the hands of IoT companies. In 2016, IoT companies will be forced to increase security features to ensure users’ private information is safer than ever before.
OORT, Inc. Founder and CEO Radek Tadajewski recommends that consumers should look for devices that feature 128-bit encryption or higher. Consumers should also enable encryption on all their devices, including communication between devices. By doing this, it would take “hackers with supercomputers longer than the current age of the universe to crack a device’s encryption,” says Tadajewski.
Once IoT companies have implemented these security features, it will be essential to effectively communicate how secure their products are to convert nervous consumers into buyers. Providing clear details on how their products are secure and why users don’t need to worry about the safety of their information will be absolutely key in 2016.
The cyber cold war will heat up
Mark Painter, security evangelist for HPE Security Products at Hewlett Packard Enterprise
We are approaching an age where cyber attacks will result in military retaliation. While the U.S. and China recently came to an agreement not to conduct cyber attacks designed to steal intellectual property, the U.S. also freely admits cyber warfare will remain in its catalog of offensive capabilities.
We’re seeing the capacity for an accident to a degree not seen since the height of the cold war. In fact, the cyber tension is so high that Russia and the United States have a hotline in case of “accidents.” So far these cyber incursions haven’t risen to the threshold that would require a military response, but that day is coming.
Security education vital for end-users
Amy Baker, VP of marketing at Wombat Security Technologies
No one believes that any one thing is 100 percent effective on its own in defending against cyberattacks, which is why many security professionals use a defense in-depth strategy with multiple tools layered upon one other. As report after report has shown, end-users are one of the biggest security vulnerabilities any organization has, and as cybercriminals are focusing on more sophisticated attacks such as spear phishing and social engineering, security education has to be a layer in the defense in-depth strategy.
We also know from research, and our own lives, that telling someone something once does not teach them anything. The use of adult learning science principles engages users in learning, helps them retain information and change behavior. We recommend that all companies use a continuous training approach that uses a repeating cycle of assessing vulnerability and knowledge, educating with engaging content, reinforcing the correct behaviors, and measuring throughout the cycle. This enables practitioners to look at results against initial baselines and trend progress over time while adjusting education to target the problem areas.
Photo by Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU