Many security vendors, including Kaspersky and McAfee, have already published their 2016 industry predictions. While these predictions provide a helpful (and quite harrowing) glimpse into cybercrime targets for 2016—wearables, automobiles, critical infrastructure—they do not anticipate how companies will or should combat such threats.
Our five top cybersecurity predictions below attempt to fill that gap. They focus on how enterprise cybersecurity strategies will transform roles, initiatives, and perspectives in 2016.
Prediction 1: Customer security, privacy, and trust will move up on the CISO’s agenda.
Customers, traditionally not a focus for IT security, will rise to the top of the CISO’s agenda in 2016. According to Forrester Research, “Any part of your business that does not directly drive revenue and growth is ripe for disruption. If you cannot explain clearly and succinctly to your leadership why information security is more than just another cost center, why it must become an integral part of what makes your brand trusted by your customers, then you will face either sudden extinction or death by a thousand slow budget cuts”.
As the number and complexity of cyber attacks aimed at customers escalate, so too will the need for business-savvy CISOs. The C-suite will turn to the CISO for strategies on how to maintain consumer trust and brand reputation, which have become so critical to the business’s bottom line. As a result, customers, and their privacy, will increasingly be considered a key asset to protect during risk assessments. Customer protection will underpin cybersecurity readiness, response, and recovery planning processes.
Prediction 2: CISOs will look to proactive defenses that address the full scope of the phishing problem.
Recent studies have shown that while customer education is important when it comes to cybersecurity, brands cannot rely on humans to identify cyber attacks, particularly when it comes to phishing—97 percent of people around the globe cannot identify a sophisticated phishing email.
As a result, organizations will work to implement multi-pronged security strategies involving people, process, and technology. We will see a continued focus on security awareness programs, but security strategies will slant heavily toward technology implementations of defensive controls that block threats before they impact customers. We will not only see more brands adopting DMARC (Domain-based Message Authentication, Reporting and Conformance), but also see wider adoption of defensive solutions that identify and respond to email threats that cannot be addressed by DMARC, including display name spoofing and subject line spoofing.
Prediction 3: More security organizations will adopt cyber insurance.
As cybersecurity rises up the business agenda, CISOs in turn will look for business solutions to cybersecurity challenges. We expect investment in cyber insurance to skyrocket in the new year.
Simultaneously, we expect companies to start implementing the very best and most holistic cybersecurity technologies, standards and frameworks to keep those insurance premiums down. A company that hasn’t invested in implementing relevant email authentication standards, for example, will have a higher premium than a company that has. Over time, cyber insurance will drive incredible improvements in security, empowering companies to proactively handle threats.
Prediction 4: Threat intelligence will expand its reach.
Private and public sector companies from a range of industries will begin to share data and collaborate to overcome cybersecurity challenges. We’re already seeing threat intelligence gain traction in sectors outside of traditional financial services targets, including retail with the March 2014 launch of the Retail Cyber Intelligence Sharing Center (R-CISC) and Facebook’s Threat Exchange launched in February 2015. As cybercriminals become more sophisticated, threat intelligence adoption and sharing will increase across many different verticals, giving rise to even more new associations and collaboration platforms.
Prediction 5: We will see greater collaboration between security and other business units.
As customer security moves up on the CISO’s agenda, so too will building new relationships with colleagues and stakeholders in other parts of the organization. To drive business outcomes through security, and to build trusted relationships with customers, CISOs will need to have a fluent understanding of business objectives, challenges, and security’s role in growing the business.
Want to stay up to date on all of these cybersecurity trends this year? Subscribe to the Return Path blog.