15 Emerging Trends in the Security Sector for 2016

By Chris Preimesberger  |  Posted 2015-12-29

    Security professionals offer their thoughts on emerging security trends for which the industry and enterprises in general need to be prepared in 2016.

    Hacktivism and Attack Surfaces Increase

    As cyber-attack tools and services become increasingly commoditized, the cost of attacking an organization is dropping dramatically, enabling more attacks that do not have financial gain as the primary focus. Sophisticated hacktivist collectives such as Anonymous have been joined by relatively unsophisticated cyber-vigilantes. Organizations need to realize that financial gain is no longer the only or even the biggest driver of some of their adversaries. Security operations and risk managers should evolve their understanding not only of the threat, but also of what, why, where and how they are being targeted.—Amit Yoran, CEO of RSA

    Strategic Data Manipulation, Disruption Will Become Commonplace

    Organizations will begin to realize that not only is their data being accessed inappropriately, but it is being tampered with and manipulated. Data drives decision making for people and computer systems. When that data is unknowingly manipulated, those decisions will be made based on false data. Consider the potentially devastating consequences of misrepresented data on the mixing of compounds, control systems and manufacturing processes.—Amit Yoran, CEO of RSA

    Ransomware Copycats Will Emerge

    Cyber-criminals enjoyed continuous success with new ransomware variants in 2015. This business model of victims paying to get their files back has proved to work, as law enforcement even hints that this may be the only solution. For this reason, we can expect more ransomware copycats (malware authors reusing source code from a malware family to develop their own version) to emerge in 2016. Just as we saw many offshoots from the Zeus banking Trojan, ransomware variants are likely to emerge and compete against one another. However, we can also foresee a major arrest or takedown of one or more ransomware gangs.—Jerome Segura, Senior Security Researcher, MalwareBytes

    Malvertising Will Get Stealthier and Use New Mediums

    Cyber-criminals have abused online advertising to target their victims and distribute malware efficiently, benefiting from the rise in zero-day exploits. As ad networks continue to struggle to shut down rogue advertisers, the number of attacks will increase and impact large publishers. Malvertising is also getting "smarter" and being served to the right people. Traditionally, we've seen malvertising in banner ads, but in the coming year, we may also see more malvertising in video ads and perhaps via HTML5 as a new infection vector. Ad blockers have started a much needed debate over ad quality, security and the overall user experience. Whether they will be enough to change practices that have been going on for over a decade remains to be seen.—Jerome Segura, Senior Security Researcher, MalwareBytes

    Businesses Will Go on the Cyber-Security Offensive

    Cyber-crime costs the global economy $445 billion a year, according to researcher Allianz. 2015 was no exception, and 2016 won't be either if businesses aren't ready to go on offense. Creating and implementing predictive defense systems will be more critical than ever as companies' reliance on online systems continues to increase, facilitating a high-risk environment for hacks. Systems that continuously detect, prevent, analyze and respond to threats will be in high demand.—Mani Gopalaratnam, Global Head of Innovation and Technology, Xchanging

    Attacks Against Smaller Enterprises Will Increase

    The number of serious security breaches and incidents will continue to expand rapidly, especially for second-tier enterprises that have been slower to roll out aggressive defenses. The unfortunate reality is that the number of vulnerabilities and potential hack points increases exponentially each year. Every new release of every application, operating system or device increases the number of exploit opportunities for cyber-criminals. Plus, hacking tools are better than ever at finding openings in older, legacy products. So look for an increase in data breaches in 2016, especially among smaller organizations that haven't deployed the latest generation of security tools. Hackers will always go after the weakest link. If they determine that the big guys have toughened up, they're just going to go after easier targets: the smaller enterprises.—Idan Tendler, CEO, Fortscale

    Hacking Will Become Influenced by Ideology

    2016 will be the year the phrases "corporate homicide" and "drive-by hackings" enter the common lexicon. These will be the types of attacks that are described as politically or ideologically focused—think "V for Vendetta"—where shadowy groups target financial, insurance, government, political, gender and similarly divisive organizations (Planned Parenthood, NRA, etc.). The intent of these hacks will fall into one of three momentous categories: hack for profit, hack for destruction and hack for political momentum.—Art Gilliland, CEO, Skyport Systems

    Behavioral Biometrics Will Take Center Stage

    This will become an important part of adaptive and user authentication. As a result, the ability to analyze keystroke dynamics, mouse movements and touch-based interaction will become a viable and valuable way to verify the true ownership of credentials (versus an external bad actor who has compromised legitimate credentials).—Keith Graham, CTO of SecureAuth

    Cloud-Based Security Gets Better

    Cloud-based security is improving as the sophistication and intensity of cyber-attacks accelerate. Unlike disjointed on-premises security solutions, the cloud offers security defenses with better threat visibility, shared intelligence across customers and agile software that enables rapid adaptation to emerging threats. The dissolving network perimeter has also created severe challenges in terms of capacity, manageability, adaptability and coverage of IT security appliances. Businesses will need to kick their security appliance addiction because the need for IT to securely connect an increasingly cloud-centric and mobile-first workforce is not aligned in an appliance-based model, which is designed for fixed locations and a static workforce.—Shlomo Kramer, CEO, Cato Networks

    New Threats Will Come via the Internet of Things

    In 2016, there will be a large increase in both the privacy and threat exposure of wearable devices, medical devices and smart cars. Examples include hacking into cars' computers to cause a massive incident on the road; stealing PHI data from systems monitoring patient medical devices; and accessing personal information about a user's electrical and water usage in their home.—Rohit Gupta, CEO, Palerra

    Phones Become More Important Than Passwords

    Your phone will become more important than your password for security. The password as it is used today is possibly the single largest security problem on the Internet. Multifactor authentication, particularly on mobile, will become the new norm.—Kevin Mahaffey, CTO, Lookout

    Companies Will Start to Pay Off Cloud Security Debt

    More and more companies are full-speed ahead on cloud, but so far, security has lagged. There's a gap between where cloud security budgets are and where they should be based on overall security spending. According to Gartner Research, companies allocate only 3.8 percent of cloud spending to security, compared with 11 percent from overall IT budgets. In 2016, budgets for cloud security will outpace overall IT security spending as companies play catch-up.—Rajiv Gupta, SkyHigh Networks

    Cloud Access Security Broker Will Prove Not to Be a Magic Bullet

    2016 will shine a light on fundamental issues with cloud access security brokers (CASBs) that were overlooked as organizations allowed uncontrolled access to ad-hoc applications such as Box, Dropbox and Google Drive. Among the overlooked issues are that it adds another disparate layer to the security management stack, and many of the functions offered by CASB are available in solutions already deployed and understood by the enterprise.—David Goldschlag, SVP of Strategy, Pulse Secure, and co-founder of Tor.

    The Next Big Attack Target: Education

    This industry has a plethora of data that cyber-criminals want—credit reports, personally identifiable information (PII), donor money, tuition money, etc. And these institutions are not doing an adequate job of securing all their systems. Add to that the myriad "customers"—namely professors, students, parents and administrators—and you have magnified the attack vectors exponentially.—Andy Grolnick, President and CEO, LogRhythm Labs

    New Data Protection Directives Coming

    A key new one involves the European Union, which will drive enterprises to create specific roles around ensuring the integrity of their data. Roles such as a data protection officer or chief risk officer will evolve, but in either case, they will need to adapt their strategy around being the hunter and not the hunted. This will mean they make use of threat intelligence and next-generation security solutions to detect intrusions earlier.—Chuck Leaver, CEO, Ziften
 

Even people who don't follow the news regularly know that 2015 was a year of fearsome cyber-threats. What was considered an "advanced" threat in years past has become a commodity today, with sophisticated malware and exploits available for the price of a movie ticket. As troublesome as these observations seem, the most impactful evolution goes almost entirely unreported and misunderstood. Today's pervasive threat actors are now conducting attack campaigns comprising multiple exploit methods and multiple backdoors to assure persistence. Incomplete incident scoping has become a critical and consistent mistake made by security teams. This year was also notably characterized by security vendors claiming to be able to prevent advanced threat breaches when the reality is, they can't. And it was characterized by organizations recognizing the need to monitor and defend their digital environments differently but continuing to center their security programs on the same technologies and approaches they have been using—hoping for a different outcome, but not acting differently. In this eWEEK slide show that offers the perspectives of a number of respected security professionals, we list 15 emerging trends for which the industry and enterprises in general need to be prepared in 2016.

 
 
 
 
 
 
 
 
 
 
 
