By Pritesh Parekh, VP & CSO, Zuora.
2015 has been an eventful year for Security teams in all sectors – the Financial, Retail and Healthcare sectors were prime targets; IoT grew to become a major source of concern for businesses and customers; and even Government services weren’t spared. Overall, an interesting year that set the stage for future imperatives.
Here’s what 2016 looks like from a security lens:
- A record breaking year for data breaches – Yes, it’ll get worse in 2016. The Financial and Retail sectors will remain top targets. Targeted malwares increased in these sectors in 2015 and most were unique to the targeted organization and thus, not easily discoverable using traditional malware detection techniques. They will continue to grow and in response, we’ll see a rise in Cyber Insurance and ID theft monitoring services.
- HIPAA compliance may be revamped – In 2015, we saw large healthcare organizations such as Anthem, Blue Cross, and OPM attacked, compromising millions of records including ePHI and personal information. As a result, HIPAA compliance enforcement may become more stringent with violations resulting in heavier fines.
- IoT will continue to be a growing concern – With IoT, the threat moves from data safety to much larger issues of consumer safety. Recent incidents such as the Chrysler Jeep Cherokee hack is a great example of a security breach threatening the actual physical safety of consumers. As companies clamour to be the first in the market with revolutionary IoT products, expect more security concerns to come to light.
- Safe Harbor 2.0 won’t be the answer – A big issue in 2015, the EU Safe Harbor invalidation demonstrated concerns around data access by US government agencies. The EU called for stronger controls around data sovereignty. But, Safe Harbor 2.0 may not be the answer. Creating a set of new privacy policies to protect the data of EU citizens is not going to solve the larger problem. Unfortunately, it’ll just be another checklist item for most organizations.
- Growth of Security Startups – The advent of cloud computing and increase in data breaches has created an environment that allows security startups to quickly integrate their products into the cloud and provide services for consumers. Expect to see many more of them in 2016.
- Rise in data science and machine learning technologies – Hackers are becoming increasingly sophisticated in conducting attacks and new intrusion detection techniques are the need of the hour. Traditional intrusion detection companies may phase out or morph themselves to use data science and machine learning principles.
- Expanding the Security stack – With weak authentication and vulnerable security patches among the many risks exposing large businesses, new security technologies will be deployed. These will create more complexity and require more effort to efficiently monitor and correlate real threats.