One of the best things about this time of year is the spate of predictions that accompany the season. Herewith, a look at some of the more interesting security-related predictions from various IT and security industry observers.
Forrester Research “is one of the most influential research and advisory firms in the world”—according to the company’s website. Hard to argue. On Nov. 30, 2015, Health Data Management published “5 Cyber Security Predictions for 2016,” a summary of predictions from Forrester. Here’s what Forrester predicts, according to that article.
- We’ll see ransomware for a medical device or wearable
- The U.S. Government will experience another significant breach
- Security and risk pros will increase spending on prevention by five to 10 Percent
- Defense contractors will fail to woo private industry with “military grade” security
- HR departments will offer identity and credit protection as an employee benefit
On Dec. 15, 2015, Network World published “A Few Cybersecurity Predictions for 2016,” an article by Jon Oltsik, principal analyst at Enterprise Strategy Group (ESG). ESG is a firm with “a 360o perspective” and “remarkably detailed, nuanced views of technologies, industries, and markets”—according to the company’s website. Herewith, a summary of Mr. Oltsik’s predictions from that article.
- Greater focus on cyber supply chain security
- The consumerization of authentication
- Cyber insurance continues to boom
- A rise in ransomware
A wide range of predictions can be found in “The 2016 Websense Cybersecurity Predictions Report.” The report is produced by Raytheon|Websense Security Labs, part of a joint venture that combines Websense with Raytheon Cyber Products. The venture “brings together researchers, engineers and thought leaders from around the world to discover, investigate, report and – ultimately – protect our customers from sophisticated, evasive and evolving Web- and email-based threats,” its website says. The predictions from its report appear below.
- The U.S. elections cycle will drive significant themed attacks
- Mobile wallets and new payment technologies will introduce additional opportunities for credit card theft and fraud
- The addition of the gTLD [generic top-level domains] system will provide new opportunities for attackers
- Cybersecurity insurers will create a more definitive actuarial model of risk – changing how security is defined and implemented
- DTP [data theft protection] adoption will dramatically increase in more mainstream companies
- Forgotten ongoing maintenance will become a major problem for defenders [of IT security] as maintenance costs rise, manageability falls and manpower is limited
- The Internet Of Things will help (and hurt) us all
- Societal views of privacy will evolve, with great impact to defenders
Perhaps some of the most interesting predictions for 2016 and beyond can be found in “McAfee Labs Report 2016 Threats Predictions.” McAfee Labs, now part of Intel Security, “is one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership,” according to the report’s introduction. The report begins with a five-year look into the future, created by 21 of Intel Security’s thought leaders. Here’s a summary of what they predict for the next five years.
- The cyberattack surface will continue to grow, thanks to continuing explosive growth in users, devices, connections, data and network traffic
- Attacks and defenses will continue and increase a shift in focus, away from systems and applications and toward firmware and chips themselves
- Attacks will continue to become more and more difficult to detect
- Virtualization will present more and different cybersecurity threats and opportunities, especially as network function virtualization (NFV) grows in popularity
- New device types, including wearables and those connected to the Internet of Things (IoT), will challenge security efforts, and cyber threats will continue to evolve
- IoT security standards will evolve and improve
- The growing value of personal data will lead to more sophisticated thieves and markets, and more security and privacy legislation.
- The security industry will fight back, with new and evolving tools including behavioral analytics, shared threat intelligence, cloud-integrated security and more automated detection and correction.
The range of these predictions and the common elements that link many of them provide valuable guidance and validation to any of you who are seeking to improve security at your enterprise. And of course, we at Shavlik have our own predictions to add to the mix, as well as a review of how well we did with our end-of-2014 predictions. You can download these here. We hope you’ll find all of these predictions, from Shavlik and elsewhere, helpful and inspirational. Here’s to a happy, productive, profitable and secure 2016 for you and your enterprise.