The Information Security Forum (ISF), a global, independent information security body, has announced the availability of Threat Horizon 2016, the latest in a series of the organisation’s Threat Horizon reports.
According to the ISF, revelations in 2013 that governments and their agencies have been spying on citizens in the name of national security have seriously undermined a core tenet of operating in cyberspace – trust.
"Primary analysis of data gathered for Threat Horizon 2016 resulted in an overarching theme of trust that increasingly concerns our member companies," said Steve Durbin, Global Vice President, ISF.
"Disintegration of trust will result in organisations no longer being able to take for granted that governments will look out for citizens’ best interests, that security solutions will deliver what is promised and that their people will help navigate a way through."
ISF said: "Cyberspace is evolving rapidly. Organisations are facing an increasingly complex threat landscape, one that traditional security approaches are incapable of addressing. Organisations must be aware of a wide range of threats, the most pressing of which they have little control over.
"Walking away from cyberspace is not an option and while defending against all threats is unrealistic, there is still time to build resilience to them. It is essential to re-assess assumptions about operating in cyberspace and adapt resilience to this new paradigm. At the same time, organisations need to continually bolster resilience to ongoing threats such as cybercrime and the insider threat."
Threat Horizon 2016 is part of the annual series of ISF Threat Horizon reports that provide a way for ISF members to take a forward-looking view of the increasing threats in today’s always-on, interconnected world.
"Threat Horizon 2014 highlighted that the cyber arms race would lead to a cold war. Rather than cold, this ‘war’ has turned hot with more governments developing offensive cyber capabilities. Threat Horizon 2015 predicted that governments and regulators will demand more of organisations in preparing for cyber threats, yet will offer little direct guidance," continued Durbin. "In this year’s report, we have determined that government activities will further complicate the way organisations operate in cyberspace. We anticipate that the threat landscape will continue to widen and organisations must prepare to work in this new normal – now."
Threat Horizon 2016 aims to provide a practical way for organisations to take a forward-looking view of the increasing threats in the world. The report, which contains a business-oriented view of threats that may affect an organisation over the next two years, focuses on the themes of: No-One Left to Trust in Cyberspace – Organisations must prepare to operate in an environment where governments no longer balance national security with citizens’ and business’s best interests; Confidence in Accepted Solutions Crumbles – Organisations need to build resilience against cyber threats at a time when a number of accepted solutions are no longer viable; Failure to Deliver the Cyber Resilience Promise – Unless Chief Information Security Officers (CISOs) evolve their skill set to ensure that they can anticipate the CEO’s needs and deliver on an increasingly demanding digital agenda, they will fail.
Threat Horizon 2016contains detailed predictions along with trends and other factors that can increase or decrease the probability of the predictions coming true. The report also sets out to highlight the top 10 threats to information through 2016. These threats include, but are not limited to: Nation-State Backed Espionage Goes Mainstream; A Balkanized Internet Complicates Business; Unintended Consequences of State Intervention; Service Providers Become a Key Vulnerability; Big Data = Big Problems; Mobile Apps Become the Main Route for Compromise ;Encryption Fails; The CEO Gets It, Now You Have to Deliver; Skills Gap Becomes a Chasm; Information Security Fails to Work With New Generations.
The Threat Horizon series of reports is aimed at senior business executives, up to and including board level, to help them understand the cyber threats that could have an impact on their organisations. The reports can also be used by information security professionals to explain threats to business audiences and to engage with them.