1. A set of tools that give useful feedback
As cyber security threats get more advanced, so do the tools designed to protect against them. Unfortunately, all too often these tools produce a lot of noise, and not a lot of signal. Tools that focus on delivering useful feedback will be high up no what CIOs, and their security staff, want in 2016.
2. A CSO and security team that can speak human
One of the key problems in getting securing information in a company is a lack of communication between security practitioners, their peers, and the board. CIO’s need the people leading on cyber security to speak in a way that not people can understand, so the threat of cyber attacks is understood throughout the firm.
3. More talent coming into the jobs market
The skills gap is a major issue facing the cyber security industry. There are simply not enough people with the right cyber security skills for firms to hire.
The government has already announced significant investment into cyber security, including new apprenticeships and cyber security incubators, but more will need to be done from both the public and private sectors to bridge the skills gap.
4. An end to Shadow IT
Shadow IT is the nemesis of CIOs, and it’s only getting worse. From file sharing apps like Dropbox and messenger tools like Skype, to the humble USB stick, shadow IT results in data disappearing off into all sorts of insecure apps and places in the web where the firm cannot keep control of it.
5. Employees respecting the firm’s security policy
Use of shadow IT is one way firm’s security policies can be violated by employees, but there are plenty of others. Things like employees regularly changing strong passwords, protecting company issued devices, and not transferring critical data over unsecured networks would all improve the next 12 months for CIOS.
Part of the problems currently is that the wrong people are leading security awareness courses. Certified SANS instructor and leader in security training, Lance Spitzner told CBR this year: "Over 90% of security awareness officers, security culture officers, whatever you want to call them, are geeks. Who are the worst communicators in the world…geeks.
6. More cyber security resources
Resources in many firms are not matching the escalating cyber security threat. CIOs need bigger budgets to buy more advanced solutions, and to hire more staff to implement them, and monitor a firm’s network to keep it safe. The UK lost $6.3bn in financial year 2015 as a result of cyber attacks, so the investment would seem to be justified.
7. Vendors improving cyber security standards
It’s not been a great year for key IT and communications vendors, with TalkTalk the most high profile example. CIO’s will be hoping they up their game in 2016, because the when a vendor is attack, so are there customers.
70% of those who responded to a survey from UK large and medium-sized corporations admitted that they do not check suppliers an/or customers that they trade with for cyber risk, and this needs to change.
8. Security by design
Software providers also need to improve their security offering, making it a key part of the design process in software that CIOs deploy in their firms. Regularly patching is one thing, but having security central to the design will significantly improve how secure software is.
9. Improved mobile security
Employees are the most vulnerable when they leave the safety of the office and the firm’s own network. With mobile working and BYOD becoming ever more prevalent, improved cyber security tools for mobile devices are essential.
10. Not to be the next victim
More than anything, CIO’s will be going into 2016 with everything crossed that their firms is not going to be the next one hit by a mega breach. With the C-Suite ever more aware that a cyber attack could signal the end of their job, nobody wants to be the next TalkTalk, JD Wetherspoon, or VTech…
