Predictions: 2016 and beyond

Industry predictions for cyber-security are unlikely to achieve a consensus
Industry predictions for cyber-security are unlikely to achieve a consensus

Unknown access to data and networks will phase out — shifting from simple password access to login credentials that incorporate context-aware rules like location, time, device and security posture. Attributes associated with the user will vary dynamically over time (adaptive access control) — rather than remain just static entitlements. FA

Analytics & automation everywhere. Things that previously required IT, such as access privilege settings and rules governing data sharing, will be automatically applied to content based on contextual clues present in the file content. YE

Increasing numbers of Android exploits become weaponised and these vulnerabilities actually exploited as App Store detection and filtering is avoided, eg App loads harmless games if it thinks it is being tested, but loads malicious payload when it detects it is ‘safe' to do so. SL

Antivirus and security product companies discontinue on-premises products as many endpoint protection features are increasingly included in the core product, monetised by the sales of advertising and app store commissions. JS

More practical use cases for Artificial Intelligence (AI) in information security will emerge. AI anticipates issues before they arise through threat analysis, threat detection and threat modelling. Biggest barrier is how much we're prepared to let it to take control. MT

A botnet of smartphones won't DDoS the internet as they will run out of power after an hour. GR

BoT - Botnet of Things used by attackers exploiting the abundance of soft targets, from running malware that participates in DDoS attacks and spreading spam, to running proxies, scanning other machines, or acting as a leverage point for compromising all other devices on the local network. AS

People become de-sensitised to breaches and feel helpless causing companies to prioritise their response and analysis capability, as well as their breach insurance. RA

CISOs gain board respect as boards finally realise that IP theft and reputation damages caused by cyber-attacks are now essential business considerations, helping to justify investments in the defensive measures sought by CISOs. YE

The bad guys will find a way to gain access to data in the cloud, resulting in more breaches as hackers use credentials to cloud services as a major attack vector. Social engineering tactics will focus on mimicking cloud login screens to gain credentials. RA

Exploit kits like Angler and Nuclear, the biggest malware problem today set to continue to dominate thanks to the thousands and thousands of poorly secured websites.  SL

Humans will no longer change passwords or even be responsible for passwords.  All password management will be handled by automated systems with password lifetimes measured in minutes or hours.  PL

Cloud-delivered security as a rented capability reduces cost and time to deliver security dramatically. This will democratise the military grade security previously only available to the largest firms to the masses.  JS



Cyber-security assessments of contractors and third party firms will be enforced by major corporations, requiring them to be on par or better than the standard set by the enterprise.  AS

Compromised credentials are the new normal and companies will take steps to mitigate the risk they represent: complex and unique passwords; Multi-factor authentication across more apps and devices, adaptive access to detect and stop suspicious login attempts and granular privilege management.  CW

Security services will be delivered by ISPs, cloud vendors and managed security services providers as more companies finally give up trying to do their own security and move the responsibility to others with strong capabilities.  JS

Expect one or two really spectacular breaches, with bigger financial losses and falls in the value of companies that suffer data breaches.  BS

Software Defined Networking (SDN) will become fully operational and deliver better performance and security as it drifts down market into more enterprises delivering better performance, security and value.  JS

International conflicts bring hardware-connected cyber-crime attacks.  RA

European data centre market to see massive investment in 2016 as Safe Harbour ruling drives data hosting decisions - not just technology providers. MT

Privacy and security become more of a concern for consumers, and a slight marketing advantage for hardware and software vendors.  GR

Page 1 of 2

SC Webcasts UK

Sign up to our newsletters

FOLLOW US