No industry sector can afford to stand still or rest on its laurels, but the burden of adapting to new challenges falls particularly heavily on infosec professionals. Failing to keep up with change in some other aspect is unlikely to affect an organization as badly as outdated security practice and policy. You only need to open a newspaper to see evidence of that.
The threat landscape in the world of cybercrime develops, mutates and proliferates at an astonishing rate. One recently published report tells us that around 20 million new strains of malware were created in Q3 2014 alone. Many of these, such as those targeted at mobile devices, are gaining increased sophistication and operational complexity. Other reports point to complex tools being designed for mass surveillance by nation states. The list goes on.
In every vertical, information security practitioners have their work cut out when attempting to keep up with the ever-evolving state of cybercrime. There is, however, no shortage of dedication and hard work when it comes to devising solutions for these problems. As industry insiders cast their predictions for 2015, there is reasonable consensus about the practices that must be implemented to combat new threats, and effectively respond to those that are already causing problems.
Risky Business
One inescapable concept being touted as fundamental to security in 2015 is a diminishing focus on prevention-based solutions, and more emphasis on monitoring and analytics. Many argue that organizations should aim to make better use of the information available to them in order to determine where threats have occurred, can occur, or are occurring.
“Detection and prevention technologies have not been extremely successful at stopping [2014’s] attacks,” argues Ixia’s VP of security solutions, Fred Kost. “The amount of data being generated requires security to embrace big data analytics and start applying these to security intelligence.”
Big data analytics will “[enable] identification of new attack patterns,” says Check Point UK MD Keith Bird, while Splunk’s Matt Davies argues that, “to leverage analytics successfully to minimize threats, teams will need to constantly be asking new questions of their data.”
Commentators from Verizon go as far as to suggest that “a proactive risk management strategy aimed at detecting crimes using advanced big data analytics… will be a make or break proposition for enterprises.”
Security Inside and Out
Increasing visibility of what exactly is going on inside the corporate network is an essential action point for 2015, several commentators argue. “Organizations need broad visibility across their infrastructure so that they can identify suspicious or malicious activities,” says Darren Anstee, director of solutions architects at Arbor Networks.
Echoing this, Varonis VP David Gibson argues for widespread implementation of “stronger policies requiring continuous monitoring and stricter access controls, which will help limit potential damage, better detect and stop unwanted activity and make recovery from incidents faster.”
But while having a better grasp of what is going on inside the network is important, there is also a need in 2015 for organizations “to look beyond the fortress walls and find a way to secure data at its source, and in motion,” says Informatica’s senior director of technical operations, Greg Hanson. “In order to do so they need to have a much better understanding of how and where their data moves.”
Indeed, the need for greater clarity on data sovereignty, and accountability for that data, is something all corners of the industry are calling for. Hanson concludes that, “As businesses acquire more data they will need to outline the inherent risks in storing, cleaning and securing that data to shareholders.”
Putting the ‘C’ in ‘CISO’
The escalating significance of cybersecurity in protecting a company’s assets and reputation will expedite the CISO’s elevation to key player in the board room in 2015, industry sources predict.
“Expect CEOs to develop closer and better working relationships with the CISO in the next 12 months,” says Skyhigh Networks founder, Rajiv Gupta. “I’d go so far as to say that the two will be joined at the hip in many organizations next year.”
Rapid7’s VP of strategic services, Nicholas J. Percoco, believes that in 2015 “we’ll see more time for CISOs in the board room presenting metrics and relevant data points to highlight security program effectiveness.”
CIOs, too, will have a bigger role than ever in the coming year, says MetricStream CTO Vidya Phalke: “When it comes to driving the strategy and risk appetite needed to flourish in tomorrow’s digital world, the CIO will emerge as one of the most critical advisers.”
In addition, the increased responsibility of chief security officers is going to have a knock-on effect next year, says Sungard Availability Services’ VP of global products, Jack Dziak: “The CSO will no longer be able to manage security threats within his or her team alone – he or she will need to maintain a strong ecosystem of trusted vendors and advisors.”
All in it Together
As Dziak points out, collaboration within the security industry has never been more important – a point many other commentators also highlight, particularly when it comes to the sharing of threat intelligence.
“If companies can tear down the barriers that prevent them from sharing information, this data can be used to prevent others from potentially being compromised,” says Alert Logic’s chief security evangelist, Stephen Coty. “We are all in this together and need to partner with each other to achieve a collective of intelligence.”
Check Point’s Keith Bird concurs: “Collaborative sharing of threat intelligence will continue to develop, to offer up-to-date protections that suit end-users’ specific needs. These capabilities will, in turn, power unified security solutions that can automatically deliver protection against newly-emerging threats.”
It is not just within private industry that collaboration needs to occur. Symantec’s Orla Cox says that “Law enforcement teams are taking a more active and aggressive stance on cybercrime by increasing collaboration with the online security industry. Both private industry and law enforcement will continue such collaborative efforts in 2015.”
Law enforcement and private security firms don’t always see eye to eye, however, with the increased use of mobile encryption drawing criticism from GCHQ and the FBI this year – criticism that was not well received. Indeed, some commentators are arguing for greater encryption than ever in 2015. WatchGuard’s director of security strategy and research, Corey Nachreiner, says that “Security pros must continue to leverage encryption whenever possible; fight for the right to retain private, unbreakable encryption; and build networks that support heavy use of encryption without slowing bandwidth and adversely affecting business.”
Part 1 of Infosecurity’s predictions feature (available here) focuses on the recurring themes the industry expects to continue in 2015. Part 2, which you can read here, explores escalating and developing threats.