A lot of cybersecurity requires looking backwards. Often, when a vulnerability is discovered, we find that it has been out there for a while. Breaches take months to be revealed to consumers even after they are found, and sometimes they are found long after they occur. It’s a reactive situation because, well, a lot of times it has to be reactive. The bad guys are good at staying one step ahead of the solutions and preventions.
However, the Information Security Forum (ISF), a global, independent information security body considered the world’s leading authority on cybersecurity and information risk management, is bucking that reactive trend with the release of the report Threat Horizon 2016.
ISF has actually been predicting the threat landscape for a few years, and the organization is good at it. As Steve Durbin, global vice president for ISF, said in a statement:
Threat Horizon 2014 highlighted that the cyber arms race would lead to a cold war. Rather than cold, this ‘war’ has turned hot with more governments developing offensive cyber capabilities. Threat Horizon 2015 predicted that governments and regulators will demand more of organizations in preparing for cyber threats, yet will offer little direct guidance.
I think those predictions have been spot on. So what does ISF now believe is in store for our future?
Unfortunately, the cybersecurity landscape, in terms of defending networks and devices from threats, doesn’t look good. The report focuses on the following themes:
- No one left to trust in cyberspace—Organisations must prepare to operate in an environment where governments no longer balance national security with citizens’ and business’ best interests.
- Confidence in accepted solutions crumbles—Organisations need to build resilience against cyber threats at a time when a number of accepted solutions are no longer viable.
- Failure to deliver the cyber resilience promise—Unless CISOs evolve their skill set to ensure that they can anticipate the CEO’s needs and deliver on an increasingly demanding digital agenda, they will fail.
ISF does provide suggestions for actions that can be taken now to help alleviate these potential problems. For example, IT and security staff can begin building skill sets in areas where cybersecurity is predicted to grow as a concern, primarily in Big Data and mobile. Businesses should cultivate relationships that support better communication in order to share information about the threat landscape and solutions. Also, companies should keep customers in the loop so that they better understand that their personal information will be protected.
Sounds like pretty sound advice for the present and the future of cybersecurity.