Five Cyber Security Predictions for 2016

Information security and risk management professionals will rebel against cookie-cutter approaches to cyber security in 2016, that’s just one of many ways that prevention, detection and response to cyber threats will change in the next year, according to a new report from Forrester Research.

“Security investments based on a checklist of technology required to meet compliance fails to address underlying or existing vulnerabilities,” Forrester authors Rick Holland and Heidi Shey contend. “Assess the maturity of your security program to build a strategic road map to reach higher levels of maturity, and identify existing gaps and centers of excellence.” In particular, Forrester gives five cybersecurity predictions and resulting actions to be taken in 2016:

We’ll See Ransomware for a Medical Device or Wearable
Security and risk professionals should focus on the human factor to combat phishing; identify data assets and access paths to understand the types of data that wearables and Internet of Things devices are collecting; secure data collection as well as data analysis points, starting with medical devices collecting data and continuing to the location where analysis occurs; and re-examine existing security functions through an Internet of Things lens.

The US Government Will Experience Another Significant Breach
Forrester gives a bleak assessment of the government’s security capabilities. “It will be cyber security as usual for the U.S. government, with lower morale as federal employees question the government’s ability to protect sensitive data and hire qualified cyber security experts.” In short, the government is short-staffed, under-budgeted and lacking internal discipline.

Security and Risk Pros Will Increase Spending on Prevention by 5 to 10 Percent
“You may have heard claims that prevention is dead,” according to Forrester. “This couldn’t be farther from the truth.” The firm recommends investing in new varieties of prevention that employ “exploit” prevention techniques; being skeptical of vendors that offer only detection technologies; and maximizing existing detection capabilities before investing in new ones.

Defense Contractors Will Fail to Woo Private Industry with ‘Military Grade’ Security
Contractors see a big opportunity in the commercial sector and have been buying up complementary companies, but have difficulty understanding private-sector requirements and dynamics, according to Forrester. “Many assume that purchase orders will rain down from the heavens with the mere mention of statements like, ‘We’ve been fighting the advanced persistent threat for 15 years.’” So, question defense contractors about their commercial experience, see through the ‘Military Grade’ claims as a higher tier product, because that isn’t a given (see F-35 Joint Strike Fighter jet), and understand that a long-term commitment to commercial markets is a traditional concern when working with defense contractors.”

HR Departments Will Offer Identity and Credit Protection as an Employee Benefit
“Keeping up with the times, potential challenges associated with fighting fraud, identity theft, medical identity theft and damage to personal online reputation will drive HR pros to bring in identity and credit protection and resolution services as an employee benefit,” Forrester notes. So, build a closer relationship with HR, and revamp and jumpstart your security awareness program.

Information-Management: http://bit.ly/1TkwPkU

 

« N. Korea Employs Grads for Cyber Warfare
OPM Hack Was Criminal - Not China Government Sponsored »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

International Security Management Association (ISMA)

International Security Management Association (ISMA)

ISMA is an international security association of senior security executives from major business organizations located worldwide.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

InfoExpress

InfoExpress

InfoExpress provides network security solutions that enhance productivity and security through better visibility, improved security, and automating device and mobile access to the network.

Nexum

Nexum

Nexum takes a comprehensive approach to security, from detecting and preventing network threats, to equipping you with the information, tools and training you need to effectively manage IT risk.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

LogicGate

LogicGate

The LogicGate Risk Cloud™ is an agile GRC cloud solution that combines powerful functionality with intuitive design to enhance enterprise GRC programs.

Cyber1

Cyber1

CYBER1 is a leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience and thus, safeguard reputation and value.

Gorilla Technology Group

Gorilla Technology Group

Gorilla specializes in video analytics, OT network security and big data to support a wide range of solutions for commercial, industrial, cities and government purposes.

BBS Technology

BBS Technology

BBS Technology is a company that develops and delivers next-generation cyber security technologies worldwide.

Qi An Xin (QAX)

Qi An Xin (QAX)

QAX is a listed company based in China, and a leader in cybersecurity industry, providing new generation enterprise-level and national-level cybersecurity solutions.

NinjaOne

NinjaOne

The NinjaOne Platform was built to help IT and MSP teams efficiently manage, patch, and support all endpoints.

EK3 Technologies

EK3 Technologies

EK3 Technologies mission is to provide comprehensive cybersecurity and IT solutions that allow our clients to focus on sustaining their business.