These technologies have serious cybersecurity ramifications that will open new doors to exploit weaknesses and take data theft to a completely new scale. Hackers are getting smarter and better at what they do. Below 13 highly respected industry experts provide their insights as to what we should see in 2016:
David Cass-CISO Cloud & SaaS, IBM: The way the world works has fundamentally changed. It is about ubiquitous access to your work data, and leveraging advanced capabilities. Cloud continues to mature and is now more about the capabilities than just cost savings. Being able to leverage advanced capabilities opens new competitive advantages to adopters that were not available in the earlier years. This means protecting applications and data no matter where they reside is important. As organizations look to the cloud as an enabler of this change, organizations should focus on three key capabilities from a security point of view. Those are managing access, protecting data, and gaining visibility through auditable intelligence on access, activity and compliance.
JD Sherry-CEO, Cavirin; Cyber resiliency in 2016 will continue to grow exponentially as more organizations adopt and grow their use of cloud computing. Extension of security controls to these ecosystems are essential to continue to reduce the risk profile of a business. To that end, organizations will look to invest heavily in cyber security insurance to help offset inevitable losses due to breaches in the New Year.
Malcolm Harkins—CISO, Cylance: AV is not dead, it is being re-imagined and artificial intelligence is the next new platform. People don't want just another monitor that adds to their total cost of controls and adds to the “alert fatigue” they are experiencing. They want to stop malware prior to execution, which is why a shift toward real prevention has more strategic benefits than just piling on more reactionary capabilities in detection and response. Prevention is a control type that actually minimizes vulnerability and the potential for harm. Detection and respond control types are damage minimization type controls, which mean harm is already starting to occur.
Scott Vowels—SVP, IT Security, Comerica Bank: We’ll see an increase in the buildup of hunter teams and in-house developed tools that will compete with or replace vendor developed solutions to detect suspicious activity broadly. This competition will be good for all of us. It will ultimately result in greater detection capabilities but this will put pressure on rapid response and incident response teams.
Rocco Grillo--Managing Director & Global Leader of IR and Forensics Investigations, Protiviti: While event-based security continues to diminish, the importance of behavior and machine-learning analytics will become a key focus for preventing or mitigating advanced persistent threats (APT) and insider threats. This will lead boards and executive management teams to continue developing enterprise-wide cybersecurity governance and awareness programs that include a focus on insider threats and privileged accounts ‑ whether it’s an employee, third-party supplier or business partner.
Sign up for MIS Asia eNewsletters.