2016 is going to be a big year for security. News of data breaches and the major technological innovations of 2015 will put more pressure on companies to implement effective organizational security. I believe 2016 will see major initiatives in these seven areas: Securing the supply chain, leveraging more data analytics for security, IoT security, more security executive hiring, more focus on retaining security talent, extending security to the mobile device, and encryption becoming the minimum standard for security.
Securing the supply chain
2015 demonstrated the need for organizations to ensure that their weakest security link does not lie among one of their suppliers. Some of the security breaches that occurred were the result of suppliers or partner companies that were handling or had access to company information.
The supply chain relies on sharing of information in order for it to function effectively and 2016 will see an increase in initiatives to implement a standard or minimum set of security controls throughout the process and wherever sensitive data is shared with suppliers or other partner companies.
Leverage more data analytics for security
Big data has been growing more and more each year. It has been leveraged greatly in determining shopping habits, customer needs, process improvement and many other areas but I believe 2016 will see a growth in the use of big data in security. Big data can be used to predict likely targets, identify attack patterns, detect network or data anomalies that indicate abnormal activity such as a data breach, validate data sources to better screen out garbage data or identify areas where security controls are performing well. This is all very valuable in protecting organizational assets. It is also valuable to governments trying to protect their citizens and companies against attacks from foreign nations and companies.
Internet of Things security
The Internet of Things (IoT) is expected to explode next year. As more and more devices come online, companies will develop new strategies and technologies to protect the devices and the data produced from those devices. I expect the innovation in IoT and IoT security will also trickle over to other areas of security, helping to improve security overall.
More companies will hire a security executive such as a CSO
The Chief Security Officer (CSO) will be a more common member of the “C-suite” in the next year as companies realize that top level support is required and an independent executive division is needed to ensure transparency and functionality between technical, operational, financial, legal and other critical business areas.
CSOs will be expected to implement security best practices and work with compliance officers or teams to ensure adherence to relevant regulations. They will also be responsible for aligning businesses and security goals so that security initiatives are more effective.
Find ways to hire and retain valuable infosec talent
2016 will see an increase in hiring of other infosec professionals, as well. CSOs will need a team to achieve their objectives and they will not be able to fill that need entirely from existing resources. Such resources may include risk management professionals, security analysts, penetration testers, security engineers and architects, security managers and other security professionals.
Extend security to the mobile device
Employees today are not just mobile, they are mobile with multiple devices. Employees may have a laptop, tablet, and smartphone each connected to the corporate network. Companies will be implementing more controls to extend organizational security to the mobile device. This will include mobile device management systems but also more transparent security such as data driven security, identity management systems that integrate across mobile and traditional platforms and cloud systems that offer services to mobile and traditional systems alike.
Encryption is the new “minimum” security
The regulations have spoken and encryption is practically the new minimum standard for security. 2016 will see an increase in the use of encryption for key systems such as email, network communications, web traffic including traffic that was previously not deemed sensitive, end user computers and mobile devices and servers. Those systems that are already using encryption will most likely get an upgrade to the type of encryption used or to the way they manage keys so that they are in line with best practices.
Do you see any other security initiatives coming forward in 2016? Please share your thoughts with on Twitter with @evanderburg and @TCDI.