Five Cyber Security Predictions for 2016

Information security and risk management professionals will rebel against cookie-cutter approaches to cyber security in 2016. That’s just one of many ways that prevention, detection and response to cyber threats will change in the next year, according to a new report from Forrester Research.

“Security investments based on a checklist of technology required to meet compliance fails to address underlying or existing vulnerabilities,” Forrester authors Rick Holland and Heidi Shey contend. “Assess the maturity of your security program to build a strategic road map to reach higher levels of maturity, and identify existing gaps and centers of excellence.” In particular, Forrester gives five cybersecurity predictions and resulting actions to be taken in 2016:

We’ll See Ransomware for a Medical Device or Wearable
Security and risk professionals should focus on the human factor to combat phishing; identify data assets and access paths to understand the types of data that wearables and Internet of Things devices are collecting; secure data collection as well as data analysis points, starting with medical devices collecting data and continuing to the location where analysis occurs; and re-examine existing security functions through an Internet of Things lens.

The US Government Will Experience Another Significant Breach
Forrester gives a bleak assessment of the government’s security capabilities. “It will be cyber security as usual for the U.S. government, with lower morale as federal employees question the government’s ability to protect sensitive data and hire qualified cyber security experts.” In short, the government is short-staffed, under-budgeted and lacking internal discipline.

Security and Risk Pros Will Increase Spending on Prevention by 5 to 10 Percent
“You may have heard claims that prevention is dead,” according to Forrester. “This couldn’t be farther from the truth.” The firm recommends investing in new varieties of prevention that employ “exploit” prevention techniques; being skeptical of vendors that offer only detection technologies; and maximizing existing detection capabilities before investing in new ones.

Defense Contractors Will Fail to Woo Private Industry with ‘Military Grade’ Security
Contractors see a big opportunity in the commercial sector and have been buying up complementary companies, but have difficulty understanding private-sector requirements and dynamics, according to Forrester. “Many assume that purchase orders will rain down from the heavens with the mere mention of statements like, ‘We’ve been fighting the advanced persistent threat for 15 years.’” So, question defense contractors about their commercial experience; do not assume that ‘Military Grade’ claims mean a higher-tier product, because that isn’t a given (see F-35 Joint Strike Fighter jet); and understand that a long-term commitment to commercial markets is a traditional concern when working with defense contractors.

HR Departments Will Offer Identity and Credit Protection as an Employee Benefit
“Keeping up with the times, potential challenges associated with fighting fraud, identity theft, medical identity theft and damage to personal online reputation will drive HR pros to bring in identity and credit protection and resolution services as an employee benefit,” Forrester notes. So, build a closer relationship with HR, and revamp and jumpstart your security awareness program.

Information-Management: http://bit.ly/1TkwPkU

 
