Prediction Can Replace Prevention As A Security Strategy

Uploaded on 2015-12-06 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

When it comes to cyberattacks and data breaches, the issue is no longer "if" but "when". With that in mind, the shift in 2016 may be from incident prevention to incident prediction.

That is the forecast of Richard Greene, CEO at Seculert (above) a security analytics firm in Silicon Valley. Greene said cyber criminals are always one step ahead of IT security experts, but it's time to reverse that trend. That requires a new focus on understanding when security incidents will most likely happen in the first place.

Successful cyber defense in 2016 should be all about effective strategy, Greene said. In response, Greene shared his thoughts with Information Management on what he expects will be the top trends in information security in the New Year.

According to Greene, CIOs and CISOs should expect the following:

Prediction will become the top focus of security.
“Up until 2014, the cybersecurity industry considered prevention to be their sole objective. Sophisticated enterprises then began to complement their prevention strategies with detection technologies to get the visibility on their infrastructure they lacked. In 2016, prevention will emerge as a new priority with machine learning becoming a key tool for organizations that want to anticipate where hackers will strike,” Greene says.

The adversary continues to get smarter.
“Common cyber criminals will no longer be the most common threat,” Greene notes. “Sophisticated criminal gangs with modern organizational models and tools will emerge as the primary threat. Besides being well funded these attackers have the luxury of time on their side, so they’re able to develop more advanced techniques not yet anticipated by the cyber-defense community.”

Governments go on both cyber-defense and cyber-offense.
“Public sector hackers will rarely attempt the kind of attack we saw in Ukraine this year, but we can expect a growing number of state v. state reconnaissance attacks as cyber ‘armies’ research the strengths and weaknesses of their opponents,” Greene explains

Money is no longer the sole motivator.
“Rather than hacking for just for financial gain, in 2016 we’ll see cybercriminals infiltrate to cause physical damage,” Greene predicts. “Hacktavist groups have already proven they are not motivated by money, but rather by a cause. When money is no longer the motivator, infrastructures, priceless artifacts and more are put at risk.”

The Internet of Things expands the attack surface.
“Anything that is connected to the Internet can be an attack surface. It’s just a matter of time before you discover the Fitbit on your wrist or the thermostat connected to your WiFi can be used as the starting point to penetrate corporate and government networks,” Greene says.

The CISO will have a new and expanding role.
Finally, Greene says the responsibilities of IT security leaders “will shift from managing tedious work cycles on uncovering, analyzing and reporting threats, to an elevated role where they must think proactively and strategically to ensure the greater enterprise can achieve its strategic goals.”
Information-Management: http://bit.ly/1lGBcMv

 

« Cyber Warfare Is Integral To Modern International Politics
CBI Chief Calls On the Board to Deal with Cyber Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

Ubisecure

Ubisecure

Ubisecure provide Identity & Access Management solutions.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

SGBox

SGBox

SGBox is a highly flexible and scalable solution for IT security. Choose the modules which your company needs and implement it without any modification to your network infrastructure.

Crypto4A Technologies

Crypto4A Technologies

Crypto4A quantum-ready cybersecurity solutions significantly improve protection for Cloud, loT, Blockchain, V2X, government and military application deployments.

Luxembourg Office of Accreditation & Surveillance (OLAS)

Luxembourg Office of Accreditation & Surveillance (OLAS)

OLAS is the national accreditation body for Luxembourg. The directory of members provides details of organisations offering certification services for ISO 27001.

CyberInsureOne

CyberInsureOne

At CyberInsureOne, we break down the complex world of cyber insurance, and connect you with providers that can give you and your company peace of mind.

Euro-Recycling

Euro-Recycling

Euro-Recycling is a leading UK provider of Secure On-Site Data Media Destruction Services.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

Templar Shield

Templar Shield

Templar Shield is a premier information security, risk and compliance technology professional services firm serving North America.

Active Countermeasures

Active Countermeasures

Active Countermeasures believe in giving back to the security community. We do this through free training, thought leadership, and both open source and affordable commercial tools.

Stratus Technologies

Stratus Technologies

Edge Computing solves the inherent challenges of bandwidth, latency, and security at edge locations to enable IIoT devices and data acquisition.

Pacific Global Security Group

Pacific Global Security Group

Pacific Global Security Group offers an intelligence-driven focus on all aspects of cybersecurity for IT/ICS/OT.

gener8tor

gener8tor

The gener8tor Cybersecurity Accelerator offers a cutting-edge program in San Antonio, home to the second-largest concentration of cybersecurity experts in the United States.

ID North

ID North

ID North is a Nordic service provider offering identity security to its customers by providing world class expertise and best-in-class solutions and services.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.