You have likely already read our summary of the threat landscape in 2015. The prognosis appears rather gloomy, but plenty of firms are working on ways to guard businesses against hackers next year, whatever their style of attack.
There is no doubt that many will use the fear as a cynical marketing ploy, but others are aware that their products and services are only part of a good cybersecurity strategy. With that in mind, we asked what solutions they had to the problems cybersecurity is facing.
1. Encryption to become default
The computer revolution has been a boon for spooks, who now have access to a huge amount of communications data to track down terrorists or, depending on their style, spy on dissidents. The response by security firms is likely to be a greater degree of encryption, a trend Google, Apple and Facebook have already kicked off with the adoption of HTTPS, a secure web protocol.
According to Andrew Conway, a security researcher at Cloudmark, data encryption will be turned on automatically in the future. "Users won’t likely be choosing to encrypt, but they will want software with more security," he said. Yet the rush to encrypt "will be done wrong in spectacular ways", he added, leading to users being compromised.
2. Analytics to improve threat response
Analytics has been around for a long time in security, with many customers likely to be familiar with its use by credit card companies to detect out-of-character spending sprees. Yet the emergence of tools from Intel Security, Darktrace and others has seen a great advance in the technology this year, which will make our computers much safer.
Rajiv Gupta, chief executive at Skyhigh Networks, said: "Security teams are increasingly reliant on big data analytics to identify attacks and protect corporate assets, with advancements in machine learning giving security teams the firepower required to monitor attempts at infection and data exfiltration."
3. Media pressure to combat malvertising
Malvertising, or malicious advertising, has been a big problem this year, with media outlets such as Yahoo, The New York Times and YouTube falling victim to it. Combined with drive-by downloads, the attack style can drop malware onto visitors' machines without them even having to click the advert, and can also be used in phishing attacks.
"Major media properties will increasingly display ads from partner networks that host malware," said Blue Coat, a security firm. "As the risks of infection by visitors to their web properties increase, these media companies will put more pressure on their ad partners to eliminate malvertising."
4. ID management will secure the cloud
The perimeter of security has become increasingly vulnerable as corporate networks have spilled from desktops to laptops, smartphones and tablets. As a result, the focus on firewalls and antivirus has diminished, with Symantec proclaiming earlier this year that the latter was "dead", catching less than half of attacks.
Barry Scott, EMEA CTO at security firm Centrify, said: "There will be a move towards a new generation of privileged identity management, as IT needs to cope with different delivery models such as public or private cloud, virtualisation and different outsourcing or partnership scenarios – not to mention ever-increasing mobility of users and the different devices they want to use."
5. Security to be built into software
The internet, as everyone knows, was never created with security in mind. It was spun off from a US military programme for the use of academics, and nobody imagined at the time that we would be using it to share our most intimate information. Yet increased investment from corporations and governments may see this overturned next year.
"In an era where businesses rely so heavily on apps to do business, there is a real need to ensure that each and every app is self-aware and self-protecting," said Charles Sweeney, chief executive of security company Bloxx. "As such, rather than being an add-on, security will finally be built directly into applications."
6. Passwords will turn to two-factor authentication
The demise of the password has been much overstated, with many in cybersecurity hoping that the aged and misused security technology would be abandoned. Yet its convenience and familiarity will ensure it is with us for a while yet, and it may even be incorporated into the next generation of authentication.
"When bulk password thefts happen, the passwords are not at fault. The fault lies with that lack of security from the organisation maintaining them," said WatchGuard, a security firm. It added that passwords are likely to remain as part of two-factor authentication, which also calls for verification through mobile or another item only the user holds.
This article is from the CBROnline archive: some formatting and images may not be present.