Learning From Past Mistakes: Predictions For Cybersecurity

From Ashley Madison to the Office of Personnel Management (OPM), hackers did not discriminate between organizations or industries when it came to unleashing cyber-attacks in 2015. This past year, data breaches affected millions of people, with headlines of a new hack appearing almost daily. On an individual level, customers’ passwords were compromised, credit card information was stolen, and private lives became public, to name a few ill-fated scenarios.

On the other hand, the organizations that were hacked lost millions of dollars, trust from their customers, and brand credibility. Many will not recover from such serious blows to their reputations. Businesses can only withstand a cybersecurity hack if they invest the time, effort, and money into response, recovery, and the future protection of the organization and its customers.

With lessons learned from 2015 in mind, here are four predictions related to cybersecurity that will make news in 2016:

1. CEO turnover will increase

In 2016, organizations will come to realize that a cybersecurity breach is inevitable, and stakeholders will point to the CEO as the responsible party when one occurs. No one is immune to cyber threats, and the sooner corporate boards and C-suite executives realize this, the better off their organizations will be.

Because cybersecurity is no longer an issue solely reserved for IT departments, the C-suite, particularly CEOs, will be held responsible for data breaches. The sophistication of cyber threats is unprecedented, requiring executives to evaluate the access of data from employees, customers, partners, regulators and vendors. As such, after a breach occurs, many CEOs will either be forced to step down or be fired.

Additionally, executives must be able to demonstrate they have taken all possible precautions to protect their customers’ data. Public expectations of transparency are likely to increase based on the increasing number of breaches. If CEOs cannot provide evidence of their organizations’ efforts, they will be swiftly replaced.

2. CISOs will be scrutinized more than ever

Corporate boards will scrutinize new CISO hires more than they had previously and more than any other C-suite position. A CISO will be expected to mitigate cyber risk, and ensure the organization maintains the philosophy and practice that compliance does not equate to security. Being compliant is important, but organizations must assume that measures must be taken above and beyond compliance and have strategies in place for identifying areas in need of security improvements.

Performing penetration tests – tests where third parties are paid to infiltrate an organization’s infrastructure in order to uncover holes in security – will be one way CISOs will help arm their organizations against unfriendly hackers. Having a data breach response and recovery plan will be another way CISOs mitigate risks for their businesses and their customers.

3. Cyber insurance will become more popular

As 2015 demonstrated, data breaches are a very real and pervasive threat. Only by taking preemptive measures and proactively preparing a response and recovery strategy will organizations be able to bounce back when one occurs.

Part of this proactivity will come in the form of cyber insurance. Even with executives understanding the need for a cybersecurity strategy, it is difficult to calculate all potential costs involved in a breach. Financial considerations must include both direct and indirect costs. An example of direct costs is the financial reparations paid to affected customers after a breach. Indirect costs can include the legal fees incurred while an organization is sued for these reparations.

By purchasing an insurance plan, organizations will be able to minimize the out-of-pocket costs of a breach.

4. Mobile device management (MDM) will be critical

Organizations will come to understand the threat that connected devices pose to their enterprises. Individuals are using unsecured mobile devices and cloud-based applications without realizing it, which is why MDM and its providers will play a vital role in maintaining organizational security.

Entry into an organization’s infrastructure via a mobile or connected (IoT) device can be relatively simple if the organization is not prepared. For example, if a person’s cell phone or an application on his or her cell phone is hacked and the device is connected to a company’s wireless internet system, a hacker can gain access to the company’s network.

2016 will inevitably be a year with many more data breaches, but hopefully 2015 has taught us that C-suite proactivity and strategy can minimize cyber risk. Learning from the missteps of 2015 will enable organizations to approach cybersecurity with a top-down approach, making it a priority for employees at every level.

By Larry Jones

Larry Jones is the chairman and CEO of Coalfire and has over 25 years of experience building, operating and growing public and private companies. Under Jones' direction, Coalfire is the leader in cybersecurity risk management and compliance services and is the trusted advisor for the leading brands in the healthcare, retail, financial services and technology industries. Jones has a successful track record as a corporate director and chief executive for companies such as StarTek (NYSE:SRT), MessageMedia (NASD: MESG), and Neodata. Jones, an alumnus of Worcester Polytechnic Institute and Boston University, has more than 25 years of experience building, operating and growing public and private equity backed companies.
