An abundance of security breaches came to light throughout 2015; so many that hearing yet another hacking story on the news wasn’t surprising. Now that 2016 has arrived, Paul German, VP EMEA, Certes Networks, gives three predictions for what will happen in IT security this year.
- “Breach containment” will be recognised as a new area of focus for IT security strategies.
Industry researchers show that the average time of breach detection remains at around 200 days, which is an eternity for hackers to be loose in your IT systems. Despite efforts to improve breach detection strategies, these still aren’t showing results. Organisations must also start deploying breach containment technologies, such as improved application segmentation combined with role-based access control. Such techniques can effectively contain hackers by preventing them from moving laterally through systems and keeping them from reaching the most sensitive data, thereby minimising the scope of the breach.
- The first breach involving an Internet of Things deployment will hit the headlines.
The Internet of Things (IoT) creates a huge expansion of end points that need to be managed by enterprise IT systems. This causes a huge increase in the number of intelligent devices interfacing with enterprise applications, immensely increasing an enterprise’s attack surface. As IoT deployments can involve highly sensitive applications, including healthcare data and financial transactions, it will be even more important to have the correct software-defined security solution in place to best manage this.
- Wearable technology devices will become an easy route for hackers to exploit.
The evolution of wearable technology means that these smart devices are now capable of accessing sensitive corporate data and will therefore become hacking targets, as the enterprise’s attack surface is expanded. But, as we will discover in 2016, many personal devices and applications only have consumer-grade security features that are largely out of the IT department’s control. It will therefore be vital for this issue to be addressed this year, by having a software-defined security strategy that focuses on users and applications rather than the network, and by deploying a “Zero Trust” IT architecture whereby it is assumed that no network, user, device or application can be fully trusted at any time, regardless of whether it is inside or outside the perimeter.
It’s time for the industry to act. Who knows what will happen in 2016, but we can be certain that the hackers won’t give up, and organisations need to have strategies in place to deal with the ever-changing technology landscape.