Prediction Can Replace Prevention As A Security Strategy

Uploaded on 2015-12-06 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

When it comes to cyberattacks and data breaches, the issue is no longer "if" but "when". With that in mind, the shift in 2016 may be from incident prevention to incident prediction.

That is the forecast of Richard Greene, CEO at Seculert (above) a security analytics firm in Silicon Valley. Greene said cyber criminals are always one step ahead of IT security experts, but it's time to reverse that trend. That requires a new focus on understanding when security incidents will most likely happen in the first place.

Successful cyber defense in 2016 should be all about effective strategy, Greene said. In response, Greene shared his thoughts with Information Management on what he expects will be the top trends in information security in the New Year.

According to Greene, CIOs and CISOs should expect the following:

Prediction will become the top focus of security.
“Up until 2014, the cybersecurity industry considered prevention to be their sole objective. Sophisticated enterprises then began to complement their prevention strategies with detection technologies to get the visibility on their infrastructure they lacked. In 2016, prevention will emerge as a new priority with machine learning becoming a key tool for organizations that want to anticipate where hackers will strike,” Greene says.

The adversary continues to get smarter.
“Common cyber criminals will no longer be the most common threat,” Greene notes. “Sophisticated criminal gangs with modern organizational models and tools will emerge as the primary threat. Besides being well funded these attackers have the luxury of time on their side, so they’re able to develop more advanced techniques not yet anticipated by the cyber-defense community.”

Governments go on both cyber-defense and cyber-offense.
“Public sector hackers will rarely attempt the kind of attack we saw in Ukraine this year, but we can expect a growing number of state v. state reconnaissance attacks as cyber ‘armies’ research the strengths and weaknesses of their opponents,” Greene explains

Money is no longer the sole motivator.
“Rather than hacking for just for financial gain, in 2016 we’ll see cybercriminals infiltrate to cause physical damage,” Greene predicts. “Hacktavist groups have already proven they are not motivated by money, but rather by a cause. When money is no longer the motivator, infrastructures, priceless artifacts and more are put at risk.”

The Internet of Things expands the attack surface.
“Anything that is connected to the Internet can be an attack surface. It’s just a matter of time before you discover the Fitbit on your wrist or the thermostat connected to your WiFi can be used as the starting point to penetrate corporate and government networks,” Greene says.

The CISO will have a new and expanding role.
Finally, Greene says the responsibilities of IT security leaders “will shift from managing tedious work cycles on uncovering, analyzing and reporting threats, to an elevated role where they must think proactively and strategically to ensure the greater enterprise can achieve its strategic goals.”
Information-Management: http://bit.ly/1lGBcMv

 

« Cyber Warfare Is Integral To Modern International Politics
CBI Chief Calls On the Board to Deal with Cyber Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

DataGuidance

DataGuidance

DataGuidance is a platform used by privacy professionals to monitor regulatory developments, mitigate risk and achieve global compliance.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

InfoGuard

InfoGuard

InfoGuard is a leading Swiss company providing comprehensive cyber security and network solutions.

Red Sift

Red Sift

Red Sift is the only integrated cloud email and brand protection platform, supporting organizations to secure their communications.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

eResilience

eResilience

eResilience is a division of Referentia Systems, a pioneer in an ultra-secure information safeguarding technique known as “Enclaving”, in which data can be segmented and protected within a network.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

Kontron

Kontron

Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

SIA Group

SIA Group

SIA Group, an Indra company, combines Consulting, Systems Integration and Managed Services in four specialized business areas: Information Security, Storage, IT Management and IT Mobility.

Avalon Cyber

Avalon Cyber

Arm your organization in the fight against cyberattacks by partnering with the experts at Avalon Cyber.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.