Data analytics. Whether we are looking at threat intelligence or insider behavior, which contributes to 40 to 75 percent of all breaches, data analytics will continue to be a major innovation and investment theme. There is no shortage of data; it's finding the specific piece of hay in the haystack – not just the needle in the haystack – that is essential for the security practitioner.
Autonomic defense. The explosion in volume and quality of threat intelligence and the chronic shortage of threat analysts will drive the demand for automated response systems for cybersecurity. We need to automate the rudimentary threat responses and allow management to focus scarce threat analyst resources on the most complex and critical threats. Essentially, it's all about scale and velocity.
Cybersituational awareness. Monitoring and measuring cybersituational awareness – of the enterprise and its supply chain – moves to the top of the policy priorities. As Target demonstrated, a company is only as secure as its supply chain when things happen so quickly. As cyber moves from the domain of IT to enterprise risk, visibility, quantification and qualification become essential.
Data provenance. The global economy is driven by ones and zeros moving at the speed of light. Ensuring the integrity of those digits becomes essential as we try to move from cyber “Whac-A-Mole” to trusted systems.
Philip Agcaoili, SVP, U.S. Bancorp; CISO, Elavon; board of advisors, PCI Security Standards Council; chairman, Ponemon Institute Fellows
I'm not a prognosticator, but a CISO of a leading global payments solution provider and don't have to predict the future. We already know what's to come: if you don't implement basic cybersecurity hygiene and haven't successfully developed a culture of cybersecurity within your organization, you will get hacked. The most vulnerable organizations are the ones who have not properly prepared for such an event. Beyond ensuring the basic cybersecurity hygiene, culture change, implementation of the latest cybersecurity prevention technology, and maturing response practices, every organization needs to be prepared to be breached and focus on detecting the breach and shortening the dwell time that your adversary has to go undetected once they compromise your environment.
Dmitri Alperovitch, CTO and co-founder, Crowdstrike
Data and information will continue to be weaponized: Use of data as a weapon will be a major problem in 2016. In the past, data has been taken, destroyed or encrypted, but increasingly we're seeing breaches during which data is leaked publicly in order to cause significant damage to a business, reputations, or even the government (e.g., Sony, Ashley Madison, etc.). Criminals and hacktivists are now stealing data and threatening to place it on public websites for others to see. In conjunction with this, hackers are building massive databases that include multiple types of data (insurance, health, credit card) to present a “full picture” of an individual. It's one thing to have your data stolen and another to have it used against you. We'll continue to see individuals', corporations' and public entities' info used against them as a weapon in 2016.
Stephen A. Aschettino, partner at Foley & Lardner LLP
With BYOD sweeping the corporate world, I expect to see in 2016 an increase in the quantity and scale of data breaches stemming from mobile devices. Millennials and others are demanding speed and mobility through their phones and tablets. Monitoring and protecting these employee-owned devices creates real challenges for company security pros. Moreover, technical exclusions in some cyber-insurance policies may void coverage for data breaches stemming from devices owned by individuals rather than the insured company.
Gasan Awad, vice president, global identity and fraud product management, Equifax
Security for mobile and online transactions was a significant concern for 2015. As more consumers make card-not-present purchases, many mobile and online merchants still need to catch up with authentication best practices. This caused an increase in fraudulent charges in 2015.
Data breaches, which are becoming much more sophisticated in complexity and scale, are a top concern for 2016. New forms of vulnerabilities and the innovative methods being employed are causing alarming losses in multiple forms – dollar losses due to fraud, reputation risk for involved firms, and individual costs to victims. Data breaches are one reason why the identity theft issue continues to move.