In the cybersecurity world, 2015 was a year marked by big data breaches and the emergence of the privacy vs. national security debate. It’s safe to say, therefore, that companies in 2016 will turn to security experts to ensure that they aren’t caught off guard by the shifting threat and regulatory landscapes. With many companies considering security their biggest concern for 2016, it’s important to be prepared.
In the following slideshow, Accellion provides an overview of the trends expected to be seen in cybersecurity and how these changes will affect C-level executives and boards of directors.
2016 Security Trends
Privacy vs. National Security
The privacy vs. national security debate will be a critical presidential campaign topic.
The fallout from Edward Snowden’s revelations has been unfolding ever since his initial disclosure in 2013. His revelations illustrated to the world just how far governments had gone in encroaching on personal privacy, and set in motion a debate that should come to a head in 2016.
Events such as the Paris attacks and the overturning of the EU-U.S. Safe Harbor data transfer pact are fanning the flames of the data privacy debate, and the latter issue should be a hot-button item in 2016’s presidential race. Staying informed on the outcome of this decision will be essential for organizations planning to do business in Europe, and this is just the first example of how privacy concerns can affect the private sector. As the presidential race narrows in 2016 to two candidates, organizations will need to stay informed of each candidate’s stance on privacy, as well as their proposals to balance privacy with national security and what role technology companies will play.
The Role of CISOs
CISOs will finally get a seat at the board of directors table.
It has been a long time coming, but with the record-breaking data breaches seen in 2015, 2016 is shaping up to be the year CISOs finally get some well-deserved respect from the board of directors. Many of the breaches seen in 2015 demonstrated their capacity to completely destroy a company’s reputation, so a CISO’s role is more important than ever.
Boards of directors are realizing two realities: First, no company is safe from a data breach and, second, a data breach is no longer a technology issue but a brand issue. As a result, CISOs will have more interactions and influence with the board. In turn, directors will be more inclined to approve IT budget increases that demonstrate a broader array of security capabilities.
Expect more national regulations and standards for privacy and international file sharing.
Countries are increasingly looking to protect their citizens’ data, in much the same way corporations look to protect their highly sensitive information. This could potentially create headaches for global enterprise IT managers trying to keep track of where company data is being stored.
We will see more nations follow the EU’s lead in requiring data to be stored out of the NSA’s reach. Enterprises should consider localized storage solutions that are either privately owned or maintained on-premises. These solutions offer complete data sovereignty, and fully comply with geographic data segregation requirements. An added incentive to data sovereignty is that it also offers an economic opportunity for local cloud storage firms.
Multi-factor authentication will become the norm.
The use of personally identifiable information (PII) as the sole means of authentication will become a thing of the past, and multi-factor authentication will become the standard for accessing sensitive information. With sophisticated breaches becoming the norm, organizations will rely heavily on security systems that have implemented a form of multi-factor authentication to access critical data. This will ensure there are enough steps of verification to make inappropriate or malicious access much more difficult for would-be hackers.
The breach that occurred last year at the IRS, where hackers used PII to steal tax returns, is the perfect example of why this shift will occur. Attackers were able to use legitimate processes — namely a “Get Transcript” feature that provided access to old tax documents — to commit fraud, resulting in losses in the tens of millions of dollars. Internet black markets are experiencing a Golden Age and you’d be hard-pressed to find an individual over the age of 18 whose PII isn’t currently for sale. This state of affairs sets an industry precedent for more robust authentication protocols, and makes it likely that multi-factor authentication will become as common as the use of passwords.
Wearable Device Risks
First enterprise data breach caused by a wearable device.
With the emergence of wearables in the enterprise, 2016 stands to be the year we see the first network intrusion caused by a wearable device like a smartwatch. As a result, it’s important for IT managers to establish policies regarding the proper use of wearables as they have for other BYOD devices like smartphones and tablets.
As more wearables gain Internet access, employees with devices such as smartwatches are going to be the weakest links in the security ecosystem. New technology always puts functionality before security and simultaneously draws the attention of ambitious hackers looking to make a name for themselves in the hacking community. Thus, the target currently placed on wearables is bigger than ever.