Dr Adrian Davis, CISSP, EMEA Managing Director, (ISC)²

Last year, we saw a lot of security issues reach ‘mainstream awareness’ with the number of high-profile company breaches growing. This will be the year that technology trends merge closer with societal trends. We'll see consumer attitudes evolve as end users become aware of the risks and opportunities open to them and start to demand security as a feature. This could create a domino effect as more sectors treat security as a priority. Below are some of the key trends that we will see this year:

1.   Individuals and society will begin to wake up to the value, management and security of data

Until now, the issues of data management and security have been told and understood from an industry, business or sector perspective. Individuals and society as a whole are still arguably not at a point where they are fully awake to current security and data issues and how they directly affect individuals. However, I believe that 2016 will see this change as more people recognise both the threat to privacy and the true value of their data. With the increased use of applications downloaded without hesitation, and our increasing reliance on apps for everyday tasks, we're beginning to be ‘owned’ by the ecosystems we choose.

In 2016, we'll begin to see more consumers question just how much of their identity and data they are willing to ‘give away’ or what they should be looking for in return. Identity underpinned many of the trends towards the end of last year, and this will continue. This goes hand-in-hand with an inevitable rise in consumer awareness of data security, driven by high-profile breaches like TalkTalk. As more breaches are reported in the media this year, questions about security from consumers will begin to get louder and louder.

2.   On the other side – there will be more commercial pressure to monetise data

As more data is readily shared by consumers, there are big questions to be asked about how useful this information could be to different parties and how they can benefit from it. Health insurers or retailers, for example, would find consumer healthcare data useful in pricing services and enabling better customer targeting. As there is currently no established legal or ethical framework to dictate how consumer data can be used, many businesses may be under pressure to find ways to monetise their data, particularly as it is a prerequisite for obtaining venture capital funding in certain countries. Companies that take this approach will be focusing on establishing a balance between the ethical expectations around the handling of consumer data, how to profit from it, and the security of this data – especially as the reputational consequences of this last consideration could be devastating.

3.   The finance industry's security practices will be under the microscope

In addition to an increased focus on cyber-security practices, the financial and fintech industries may provide us with a model of disruptive innovation that will highlight some of the key information security challenges that we will face in future. Fintech is taking the lead in trying to deliver financial services in a completely different way, using completely different approaches and platforms. The impending General Data Protection Regulation will also form a powerful incentive for the financial sector. The sector's response will provide a template for other industries to follow.

Over the next 12 months, we're likely to see more parties in the financial sector being transparent about their approach, and consumers as well as the infosecurity community are likely to keep an eye on this.

4.   There will be an emphasis on looking at how to manage smartphones as a key ‘identity management portal’

For most interactions outside of the business, the smartphone will become the device of choice, and will consequently begin to be seen more as the true ‘identity management portal’. As a key authentication component in managing an identity, smartphones will begin to be seen as valuable beyond the physical cost of a device. In fact, the value to an individual will increase when considering the sheer volume and importance of the data that is now collected on smartphones.

In the use of business devices, too, Digital Taylorism will come to the fore. However, along with ensuring that employees are working efficiently, questions will begin to be asked about how to use the technology to ensure that employees aren't working too much, or beyond the maximum legal time. There's always the potential for the invasion of privacy because these devices are carried around by an individual, and because they broadcast information about user behaviour, there's always an opportunity to use that information to monitor people's behaviour against their wishes. We could see more businesses examining how device usage policies are written into employment contracts to safeguard the privacy and security of employers and employees.

5.   The progress of the Internet of Things (IoT) will force ‘new’ sectors to adapt security for survival

The IoT will compel sectors as diverse as rail and home appliances to begin investing in IT and security capabilities to avoid reintroducing design errors that can be incredibly costly down the line. As the array of products and concepts blending technology, service and data, such as Industry 4.0, develops in an increasingly complex and interconnected digital economy, a ‘security by design’ approach will be paramount. Industry sectors outside IT will begin to realise the importance of this and the consequences of ignoring it. Liability will be a key word holding this together. As it becomes widely known that the expertise to solve common security problems is readily available, there is less of an excuse for neglecting to integrate sufficient security measures into design and development processes. As time goes on, suppliers, partners and society will be less forgiving of security breaches. We may very well begin to see signs of this over the course of 2016.

Contributed by Dr Adrian Davis, CISSP, EMEA Managing Director, (ISC)²