Prediction Can Replace Prevention As A Security Strategy

Uploaded on 2015-12-06 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

When it comes to cyberattacks and data breaches, the issue is no longer "if" but "when". With that in mind, the shift in 2016 may be from incident prevention to incident prediction.

That is the forecast of Richard Greene, CEO at Seculert (above) a security analytics firm in Silicon Valley. Greene said cyber criminals are always one step ahead of IT security experts, but it's time to reverse that trend. That requires a new focus on understanding when security incidents will most likely happen in the first place.

Successful cyber defense in 2016 should be all about effective strategy, Greene said. In response, Greene shared his thoughts with Information Management on what he expects will be the top trends in information security in the New Year.

According to Greene, CIOs and CISOs should expect the following:

Prediction will become the top focus of security.
“Up until 2014, the cybersecurity industry considered prevention to be their sole objective. Sophisticated enterprises then began to complement their prevention strategies with detection technologies to get the visibility on their infrastructure they lacked. In 2016, prevention will emerge as a new priority with machine learning becoming a key tool for organizations that want to anticipate where hackers will strike,” Greene says.

The adversary continues to get smarter.
“Common cyber criminals will no longer be the most common threat,” Greene notes. “Sophisticated criminal gangs with modern organizational models and tools will emerge as the primary threat. Besides being well funded these attackers have the luxury of time on their side, so they’re able to develop more advanced techniques not yet anticipated by the cyber-defense community.”

Governments go on both cyber-defense and cyber-offense.
“Public sector hackers will rarely attempt the kind of attack we saw in Ukraine this year, but we can expect a growing number of state v. state reconnaissance attacks as cyber ‘armies’ research the strengths and weaknesses of their opponents,” Greene explains

Money is no longer the sole motivator.
“Rather than hacking for just for financial gain, in 2016 we’ll see cybercriminals infiltrate to cause physical damage,” Greene predicts. “Hacktavist groups have already proven they are not motivated by money, but rather by a cause. When money is no longer the motivator, infrastructures, priceless artifacts and more are put at risk.”

The Internet of Things expands the attack surface.
“Anything that is connected to the Internet can be an attack surface. It’s just a matter of time before you discover the Fitbit on your wrist or the thermostat connected to your WiFi can be used as the starting point to penetrate corporate and government networks,” Greene says.

The CISO will have a new and expanding role.
Finally, Greene says the responsibilities of IT security leaders “will shift from managing tedious work cycles on uncovering, analyzing and reporting threats, to an elevated role where they must think proactively and strategically to ensure the greater enterprise can achieve its strategic goals.”
Information-Management: http://bit.ly/1lGBcMv

 

« Cyber Warfare Is Integral To Modern International Politics
CBI Chief Calls On the Board to Deal with Cyber Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Hack Miami

Hack Miami

HackMiami is the premier resource in South Florida for highly skilled hackers that specialize in vulnerability analysis, penetration testing, digital forensics, and all manner of IT security.

GreatHorn

GreatHorn

GreatHorn offers the only cloud-native security platform that stops targeted social engineering and phishing attacks on communication tools like O365, G Suite, and Slack.

OpenText

OpenText

OpenText is a leader in Enterprise Information Management software and a portfolio of related solutions for Information Governance, Compliance, Information Security and Privacy.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity make Cars & Infrastructures Cybersecure.

ACROS Security

ACROS Security

ACROS Security is a leading provider of security research, real penetration testing and code review for customers with the highest security requirements.

Knovos

Knovos

Knovos is a leading technology innovator developing solutions for automating, integrating, and innovating Information Governance.

ARCON

ARCON

ARCON offers a proprietary unified governance framework, which addresses risk across various technology platforms.

Cyphere

Cyphere

Cyphere is a cyber security company that helps to secure most prized assets of a business. We provide technical risk assessment (pen testing/ethical hacking) and managed security services.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

Unisys

Unisys

Unisys is a global information technology company providing industry-focused solutions integrated with leading-edge security to clients in the government, financial services and commercial markets.

ITRM

ITRM

ITRM are one of the UK’s top managed service providers and offer a range of award-winning IT solutions, from ad-hoc consultancy to cyber security.

Innerworks

Innerworks

Innerworks intelligent bot detection. Innerworks is building the future of behavioural data on web3.