WHAT DOES THE FUTURE LOOK LIKE? CAN WE ACTUALLY PREDICT THE FUTURE?
As anyone who regularly makes predictions will tell us, the past is an important tool for determining what will happen in the future. Past experiences can be collected as data and used to calculate the probability of certain events happening in the future.
In the world of business, correctly seeing the future – even a few months out – can provide a competitive edge, and in the case of cyber security, can enable success against ever-present attackers. A missed guess can leave one scrambling to catch up.
SO WHAT SHOULD WE EXPECT?
- Healthcare and health insurance enterprises will continue to be prime targets for cyber criminals. The Anthem and Premera breaches have paved the way for more to come. Healthcare records hold a treasure trove of data. No other single type of record contains so much Personally Identifiable Information (PII) that is often linked to financial and insurance information, and therefore highly valuable to attackers. “Get ready for Medical Identity Fraud!”
- Who cares about credit card numbers? Make way for “Personal Identity Dossiers!” With billions of dollars just there for the taking, there is no doubt that retail cyberattacks targeting credit card data will continue in 2016. However, as defenses against these are strengthened by added security measures (Chip and PIN technology), there will be a significant change in the way these thefts are committed. The criminals will evolve their tactics to gather additional data, such as information related to customer loyalty programs, shopping behavior, and more.
When collected from different sources and run through analytics tools, this data becomes “Personal Identity Dossiers”: profiles combining the various credit cards an individual holds with his/her geographical data, PII and behavior. These “Personal Identity Dossiers” are going to be worth much more than the credit card numbers.
- Additionally, breaches in the past couple of years have wreaked havoc on many brands and company reputations. Due to this, the Board and the C-Suite will have an appetite for offloading the risk to insurance providers. Cyber Insurance will gain velocity and popularity in the coming year.
- IT will continue to “Cloudify,” but at an accelerating pace. Pretty soon, small and mid-size companies will not have an on-premises data center.
- Old code, new chaos… Old source code is the new Trojan horse waiting to be exploited. A large part of what makes information systems open to attack is that they contain “undocumented features.” The more experience one has with any one piece of software, the more holes can be identified and closed. Yet, even a perfect fix lasts only until the next innovation hits the system. This shows that the art of forecasting tomorrow’s troubles is connected to the art of forecasting tomorrow’s pointless wonders!
AND HOW CAN WE PREPARE FOR THE FUTURE?
- Follow the Data – CISOs are torn between securing legacy equipment and embracing tomorrow’s leading-edge technology, and it is pushing limits. In this battle of new and old technology, our data will be our most important asset. We must innovate our business approach and risk profiles to embrace this.
- Identity and Access Management (IAM) has to be tackled – Users and their identities are the most vulnerable link in a network. CISOs are challenged with managing the identities and privileges of an increasingly diverse group of users that use a multitude of devices to log into systems both inside and outside the enterprise. A valuable Identity and Access Management solution is flexible enough to provide authentication and authorization services to Cloud, Mobile and Social Interaction within our enterprise IT solutions, while enabling improved secure collaboration with our partners and vendors.
- A Managed Services Partner will be a must-have – A managed security services partner will not replace your existing internal IT team, but augment it. They will bring in the expertise, threat modeling and other compliance and protection services you might not have internally, but that are needed to mitigate risk in line with regulatory obligations and business goals. Remember, it is difficult to bounce back from business interruptions or unexpected losses caused by IT security gaps. The cost of avoiding such threats is typically much less than the cost of recovering from them.
- The CISO role is changing and will continue to change significantly – CISOs must evolve to balance risk and enable business.