In 2015, data breaches became an ordinary occurrence due to the vast number of hacks that took place. The events of last year mirrored 2014, when big corporations like Sony, Target and eBay, were targeted. However, as new technology is created with the intention of increasing security, attackers are also finding new ways to infiltrate systems and steal confidential information which could lead to the downfall of large industry players. bobsguide took a look at what experts in the cybersecurity sector are predicting and what trends they expect to take shape in 2016.
Can the government win against hackers?
According to Hemanshu Nigam, founder of security advisory firm SSP Blue and online safety expert responsible for leading security at Microsoft and News Corporation, the global cybersecurity market is set to reach a worth of $170 billion by 2020. A report from Markets and Markets also predicted a similar future as the market is estimated to grow at a compound annual growth rate (CAGR) of 9.8% from over the next five years, as Forbes reported.
The financial services industry enters the New Year with these estimates and the support of the US government where cyber threat information is concerned. Last month, President Obama signed an omnibus spending bill which included the Cybersecurity Act of 2015, a bill that creates a voluntary cybersecurity information sharing process, which should encourage the sharing of threat information between public and private sector entities.
David Ferbrache, technical director at KPMG’s cyber security practice highlights that the law could be a viable contender for the hackers, but they will still continue to form different methods of attack. “The recent field trial by the Office of National Statistics suggested that there could have been over 7.5 million cyber offences against individuals last year. 2016 will see cybercrime finally find its place in our official statistics. I doubt that even the headline grabbing which follow will capture the true scale of cybercrime – with many crimes against organisations remaining unreported,” Ferbrache said.
How can we prevent 2015 style hacks happening again?
As more and more security breaches take place, there needs to be an increased effort in order to prevent a business being at threat. CipherCloud CEO and founder, Pravin Kothari predicts that in 2016 changes will be made to the staffing within the companies. “Given the very high profile data breaches and security attacks on businesses this year, we will almost certainly see many more senior appointments with “security” or “risk” in the title.”
This could prove to be crucial to the future of a particular company, as Kothari believes that trust is fundamental to business and this is broken when a breach breaks the bond between a company and its customers. “Once this trust is broken, as in several major security breaches starting with Target, it will be hard to rebuild. Ashley Madison’s breach put its IPO on hold and TalkTalk’s in the UK resulted in a 15% stock decline though it will be interesting to see how things will play out in the litigation front. With breach notification laws and the EU Data Privacy Regulation, we will see more companies publicly named, shamed and financially penalised to death.”
The breaches that Kothari mentioned revealed that companies are unable to implement basic security procedures, such as encryption, and he explained how this simple addition to security protocol could have prevented attacks on Ashley Madison and TalkTalk. “Encryption will become a byword for security best practice,” Kothari stated as he predicted that this technique is the future.
Can new regulation truly minimise cyber threat?
With the dissolving of the Safe Harbour agreement, 2016 may see the introduction of a new privacy framework which will help companies to use encryption or tokenisation of data that leaves Europe, anonymise personal data and limit exposure. Ferbrache said that the much discussed EU General Data Protection Regulation and the EU Network and Information Security Directives will allow governments two years to implement them.
“While large international firms are no strangers to an increasingly complex and uncoordinated global tapestry of national cyber security initiatives; smaller firms are likely to come under increasing pressure in 2016 as their larger cousins embed cyber security requirements into their contacting and procurement processes – fuelling both a supply chain security industry and the growth of third party cyber insurance,” Ferbrache said.
Alongside the precautions to be taken in the US and Europe, the UK intend on launching a new National Cyber Security Strategy this year which will work with markets to address failure in how cyber security is managed today, Ferbrache also mentioned.
Does new technology really open doors for hackers?
The immortality of hackers is becoming more and more evident as new forms of technology are still at risk of cyber threat, despite being created with security in mind. A report by OpenSky, “Cyber Security Trends 2016”, iterates that there will be an increased number of attacks in 2016 and an emergence of new targets.
Olaf Siemens, CEO of OpenSky, states that there cannot be 100% protection and every organisation is a target. “It is even important, beyond taking preventative measures, for organisations to be able to maintain or restart their operations as soon as possible after an attack. That requires organisations to have established a comprehensive set of security incident response processes ahead of time,” Siemens said.
The report discussed how technology ecosystems that were once deemed secure have now become vulnerable. “The creation of new connected devices and the Internet of Things is turning into a goldmine for cybercriminals. This is particularly true of the consumer devices that act as a link between the connected “thing” and its backend systems,” the report highlighted.
As well as the Internet of Things, the report also discussed cloud technology and how businesses in the public sector are predicted to move into this direction, but here encryption continues to be how companies are choosing to keep their infrastructure secure. “Part of the answer will be encryption – ensuring data is encrypted before it enters the cloud and, that the accountable organisation, not the cloud provider, manages the encryption keys for themselves. Solid IT governance practices will be required to ensure that, during the transition, an organisation’s IT infrastructure continues to support and enable the achievement of its corporate strategies and objectives,” the report read.
What does the future hold for cybersecurity?
Gartner predicted that there will be 6.8 billion connected devices in use this year, which is an increase of 30% from 2015. “By 2020, that number will jump to more than 20 billion connected devices,” Gartner also predicts according to CNBC. Fortinet global security strategist, Derek Manky, highlights that this vast number of devices increases the attack surface. “That’s a very large playground for attackers, and consumer and corporate information is swimming in that playground.”
2015 was a year of many cyber breaches and Ferbrache expects these high profile data breaches to continue in 2016. “Firms are finally beginning to recognise that a determined and well-resourced adversary will find a way to breach their cyber protection regardless of the robustness of their defences. This is leading to firms focusing more on the data and systems that are most critical to their operations and how to reduce the risk to those assets.”