Chief Information Security Officers (CISOs) are at the cutting edge of cyber security and are often the first to know when a security breach has occurred. Their ability to stay one step ahead of any potential threats is crucial to their line of work, so it’s immensely valuable to take note when 25 top CISO’s discuss their security predictions for 2016.
With cloud, mobile and social platforms all becoming the new normal, there are multiple risks to consider. Most of the experts picked up on themes such as Highly Orchestrated Attacks, a greater focus on Incident Response and a need for improved Cyber Liability Insurance.
Joe Adornetto, CISO of Quest Diagnostics, revealed that three of five largest data breaches of 2015 were in healthcare, while Roota Almeida of Delta Dental explained that was due to the fact that “No other single type of record contains so much Personally Identifiable Information (PII) that is often linked to financial and insurance information and can be used for various attacks.’’ More attacks of this nature will necessarily lead to companies seeking to “offload the risk to insurance providers”, says Almeida, before concluding that “Cyber insurance will gain velocity and popularity in the coming year”.
Microsoft’s Bret Arsenault explains that effective security measures don’t have to cost a lot of money. He says “Interestingly enough, the most effective preventative actions aren’t necessarily cost-prohibitive – like robust monitoring systems, proper employee training, and a strong identity lifecycle process.” Microsoft believes in empowering its employees to create a pervasive security culture so that they make safer decisions online. Grace Crickette of the San Francisco State University agrees: “We have found that engaging non-technical managers to help deal with implementation of a security risk assessment on an ongoing basis provides the relationships that we need to be able to improve rapidly.”
Simple things make a big difference in security. E-mail and internet browsing are ‘low hanging fruit to minimize breaches’, according to Napa County’s Gary Coverdale. His advice for 2016? “Be prepared, take advantage of quick wins by properly deploying aggressive cyber hygiene and start hardening your systems by taking advantage of ‘smart’ partnering with the appropriate vendors that have the right and cost effective solutions meeting your security, privacy, and compliance initiatives.”
IBM’s David Cass managed to sum up 2015 succinctly as a year of “escalating breaches for banking, healthcare, government, media and telecommunications. No industry sector was spared, and these attacks demonstrated their destructive capabilities. Nation-state activity increased to an all-time high, paving the road for the cyber security pact with China.” He expects more of the same in 2016 but is hopeful that international co-operation will mitigate the increased security threats.
None of the CISO’s interviewed were optimistic that security threats would recede in 2016 and all predicted far more intense focus from companies and individuals alike. Vanessa Pegueros of DocuSign has the final word. “In summary 2016, will bring more breaches, more attention from the top levels and more money being spent to solve the problems as consumers become increasingly less tolerant of their data being exposed in breaches.”
By Jeremy Daniel
