Learning From Past Mistakes: Predictions For Cybersecurity

Predictions Cybersecurity

From Ashley Madison to the Office of Personnel Management (OPM), hackers did not discriminate between organizations or industries when it came to unleashing cyber-attacks in 2015. This past year, data breaches affected millions of people with headlines of a new hack appearing almost daily. On an individual level, customers’ passwords were compromised, credit card information stolen, and private lives became public to name a few ill-fated scenarios.

On the other hand, the organizations that were hacked lost millions of dollars, trust from their customers, and brand credibility. Many will not recover from such serious blows to their reputations. Businesses can only withstand a cybersecurity hack if they invest the time, effort, and money into response, recovery, and the future protection of the organization and its customers.

With lessons learned from 2015 in mind, here are four predictions related to cybersecurity that will make news in 2016:

1. CEO turnover will increase

In 2016, organizations will come to realize that a cybersecurity breach is inevitable and stakeholders will point to the CEO as the responsible party when they occur. No one is immune to cyber threats and the sooner corporate boards and C-suite executives realize this, the better off their organizations will be.

Because cybersecurity is no longer an issue solely reserved for IT departments, the C-suite, particularly CEOs, will be held responsible for data breaches. The sophistication of cyber threats is unprecedented, requiring executives to evaluate the access of data from employees, customers, partners, regulators and vendors. As such, after a breach occurs, many CEOs will either be forced to step down or be fired.

Additionally, executives must be able to demonstrate they have taken all possible precautions to protect their customers’ data. Public expectations of transparency are likely to increase based on the increasing number of breaches. If CEOs cannot provide evidence of their organizations’ efforts, they will be swiftly replaced.

2. CISOs will be scrutinized more than ever

Corporate boards will scrutinize new CISO hires more than they had previously and more than any other C-suite position. A CISO will be expected to mitigate cyber risk, and ensure the organization maintains the philosophy and practice that compliance does not equate to security. Being compliant is important, but organizations must assume that measures must be taken above and beyond compliance and have strategies in place for identifying areas in need of security improvements.

complience-cloud-risks

Performing penetration tests – tests where third parties are paid to infiltrate an organization’s infrastructure in order to uncover holes in security – will be one way CISOs will help arm their organizations against unfriendly hackers. Having a data breach response and recovery plan will be another way CISOs mitigate risks for their businesses and their customers.

3. Cyber insurance will become more popular

As 2015 demonstrated, data breaches are a very real and pervasive threat. Only by taking preemptive measures and proactively preparing a response and recovery strategy will organizations be able to bounce back when one occurs to them.

Part of this proactivity will come in the form of cyber insurance. Even with executives understanding the need for a cybersecurity strategy, it is difficult to calculate all potential costs involved in a breach. Financial considerations must include both direct and indirect costs. An example of direct costs is the financial reparations paid to affected customers after a breach. Indirect costs can include the legal fees incurred while an organization is sued for these reparations.

By purchasing an insurance plan, organizations will be able to minimalize the out-of-pocket costs of a breach.

4. Mobile device management (MDM) will be critical

Organizations will come to understand the threat that connected devices pose to their enterprises. Individuals are using unsecure mobile devices and cloud-based applications without realizing it, which is why MDM and its providers will play a vital role in maintaining organizational security.

Entry into an organization’s infrastructure via a mobile or connected (IoT) device can be relatively simple if the organization is not prepared. For example, if a person’s cell phone or an application on his or her cell phone is hacked and the device is connected to a company’s wireless internet system, a hacker can gain access to the company’s network.

2016 will inevitably be a year with many more data breaches, but hopefully 2015 has taught us that C-suite proactivity and strategy can minimize cyber risk. Learning from the missteps of 2015 will enable organizations to approach cybersecurity with a top-down approach, making it a priority for employees at every level.

By Larry Jones

Metasploit-Penetration-Testing-Software-Pen-Testing-Security
Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn't help with the world in a current state of disarray and uncertainty. Vulnerabilities leave businesses and individuals subject to a wide range ...
Sofia Jaramillo
Augmented Reality in Architecture Augmented reality (AR) is a growing field of study and application in the world of architecture. This useful tool can help us visualize architectural designs by superimposing them onto real-world scenes ...
10 Leading Open Source Business Intelligence Tools
Open Source Business Intelligence Tools It’s impossible to take the right business decisions without having insightful information to back up the decision-making process. Open Source Business Intelligence Tools make it easier to have our raw ...
Louis
More CISOs will have to deliver revenue growth to protect their budgets and grow their careers in 2023 and beyond, and a core part of that will be getting multicloud security right. It’s the most common infrastructure strategy for ...
Get Smarter
Higher Education A big challenge for professionals of all ages is time. Balancing the responsibilities of work and life leave little time for self-improvement in the form of education. But ongoing education is more than ...
Gilad David Maayan
What Is Cloud Deployment? Cloud deployment is the process of deploying and managing applications, services, and infrastructure in a cloud computing environment. Cloud deployment provides scalability, reliability and accessibility over the internet, and it allows ...
Stacey Farrar
Modern Auth and Exchange Online Migrations Microsoft has phased out Basic Authentication (Basic Auth), replacing it with Modern Authentication (Modern Auth) to provide increased protection and user security. Through this, Microsoft has turned off Basic ...
Gary Bernstein
WordPress Website Security You've spent time, effort, and money building your website, so don't let it become outdated and run-down by not taking proper care of it. Here are tips on WordPress Website security, speed, ...
Recovery Experts.png
Holiday Photos.png
The Sticky Note.png
Answer To Everything.png

PLURALSITE

Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization. 

(ISC)²

(ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees.

CYBRARY

CYBRARY Open source Cyber Security learning. The world's largest cyber security community. Cybrary provides free IT training certificates. Courses for beginners, intermediates, and advanced users are available.