2015 has often been referred to as the year of the breach, with high-profile attacks affecting global organizations in huge numbers. It was the year data breaches got personal, with high-profile attacks compromising almost every aspect of users’ lives.
Over the past 12 months the headlines have been dominated by a number of high-profile breaches, including the Office of Personnel Management (OPM), the dating website Ashley Madison, TalkTalk and VTech – to name just a few.
With this heightened state of alert, it comes as no surprise that when asked their views on security vs. freedom, 73% of InfoSec professionals said that security was more important than user productivity.1
While it’s encouraging to see that security is rising up the agenda, with 63% of the leadership viewing IT security as a key priority1, businesses must not lose focus on the importance of the user experience. Ignoring this often leads to risky ‘shadow IT’ as users try to circumvent policies and find workarounds that allow them to get on with their daily tasks.
As we draw closer to 2016, we asked a series of security gurus for their views and predictions for the year ahead. We asked “What do you feel will be the biggest threat to an organization’s IT security in 2016?”
Here’s our roundup of their predictions for the New Year:
John Dunn, Security Editor at TechWorld:
“Biggest threats could be classified by the most expensive, or the most technically dangerous. I tend to think that expensive everyday attacks cause more problems than unusual but serious ones, such as large data breaches.
“One that stands out is ransom attacks where firms are threatened with denial of service attacks unless they pay a sum of money. This is always less than the cost of defending against the attack. Beyond that, DDoS attacks will continue to be a serious issue for many companies, not least because they consume budgets doing something that customers rarely appreciate except in a negative sense.”
Sami Laiho, ethical hacker and MVP:
“CryptoLocker-like ransomware will still be a big issue for customers as it can't be blocked by simply removing admin rights. The real big issue behind all of this is the lack of data categorization and correct placement.
“Users bringing in their own devices and peripherals is a big and growing issue. However, the biggest challenge is still the people sitting between the chair and the monitor. More and more emphasis needs to be targeted to teaching users how to live in the modern IT environment. The lack of understanding from companies that reactive security is not nearly enough to protect their environments.”
James Maude, Senior Security Engineer, Avecto:
“The Board could be the biggest threat of 2016. Without a clear understanding of security and risk at the highest levels of the business, InfoSec won’t succeed. Too often in breaches we see organisations not getting the basics right and mistaking compliance for security.
“2016 should be about learning from best practice and being proactive, not gambling your reputation by sitting still.”
Dan Raywood, security journalist and blogger:
“I don't think much will change from 2015 to be honest - but I expect there will be more IoT, more connected devices. Also 2016 is an Olympic year, European Championships and USA elections, so social media will be used by corporations more than ever and expect more attacks (and therefore more security measures) added to Twitter and Facebook.
“I also expect 2016 will be the year Assange and Snowden appear from exile to face the music!”
The McAfee Labs 2016 Threats Predictions report shares a detailed look ahead, stating that valuable information is “attracting the attention of adversaries looking for new ways to steal it, leverage it, and benefit from it.”
At a time when threats are growing in number as well as sophistication, the key to security success has to be a proactive stance: preventing as much as you can on the endpoint and complementing that with detection and response strategies.
Do you agree with these predictions? What do you think are the biggest challenges facing your own enterprise in 2016?
1 Survey by Avecto of 247 IT/Security professionals in 2015 at McAfee FOCUS (Vegas), Gartner Symposium (Barcelona), Intel Security Summit (London) and IPExpo (London).