My colleague Doug Cahill and I recorded a video shortly before the holidays outlining what we're expecting to see in 2016 in the cybersecurity space. We're excited to share that video with you now:
Hope the first week of your new year has gone well, and we're looking forward to bringing you more insightful analysis and commentary as the year goes on.
Woman: The following is an ESG 360 video.
Jon: It's the end of 2015, moving into 2016, so it's time for some predictions on what we believe will happen with Cybersecurity next year. So, Doug, let's start with the threat landscape. Very dangerous, what do you see in 2016?
Doug: Yeah. You know, Jon, I think it's going to be largely driven by what's going to be an ever-expanding attack surface area, that's going to further erode the network perimeter. And while in the last couple of years we've been waiting for notable mobile malware to hit the scene, I think 2016 could be the year, and I worry about mobile banking. I know my kids, for example, are heavy consumers of their mobile banking app, and I worry about mobile banking Trojan, which increases the need to use two-factor authentication.
Jon: Yeah, and mobile malware in China will be particularly bad in 2016. I think it'll proliferate from there. What I'm afraid of for 2016, is the proliferation of ransomware. I think we've seen ransomware in the small business sector and then the consumer sector. I think we'll start to see it in the enterprise sector, and there'll be some big ransoms demanded.
Doug: Big stakes.
Jon: Yeah, very scary stuff. How about technology?
Doug: I mean, I sort of go back to the expending attack surface area, that's going to be categorized by a lot of hybrid clouds in production environments.
Jon: It's true.
Doug: So I think, fortunately, the technology sector is making great strides in providing solutions which span those hybrid environments, so you can have a unified security posture for your [inaudible 00:01:37] infrastructure and application, and your data assets, and those which also reside in a public cloud infrastructure.
Jon: Yeah, I think we'll have to overcome some confusion in the market, and we need some market education there.
Doug: Yeah, and the organizational dynamics are shifting there, too.
Jon: Yeah, and kind of similarly, I think it'll be a big year for identity and access management. I think there's consumerization going on, and there'll be people bringing in biometrics on their phones, and then this is being driven a lot by mobile and by cloud. And I think that will drive this renaissance in identity and access management across the enterprise, and we'll see more strategic plays there.
Doug: Including user behavior analytics.
Jon: Absolutely, including user behavior analytics. So finally, let me throw the first one out, and let's talk about organizations and markets. We saw the OPM breach, the Target breach, all emanating from a third party. So I think companies have to get, or will get, more involved in cyber supply chain security. So they'll look at their business partners that they're connected with, and they'll start to formalize those relationships to get more controls in place, more active monitoring in place, maybe some standardization there as well.
Doug: Totally agree. It's an ecosystem, and it'll let us be more vetting of those vendors from whom we supply products and services, and those that we get them from. And part of that is, where do cybersecurity professionals go to get current and get smart? And I think Black Hat, as we saw last year when we were there, is becoming an increasingly relevant trade show and conference for the security practitioner to get really current and smart on technology, trends and solutions and also the threat landscape, but also for vendors. I think we're seeing it becoming more and more of a really important show for every cybersecurity vendor to be at.
Jon: Yeah, I agree. The people who go to Black Hat are the people who are getting their hands dirty, not the ones who are making deals.
Doug: Totally true.
Jon: Well, that's just a flavor of what we see for 2016, we'll be writing a lot more, we'll be doing a lot of research. So happy holidays, and we look forward to speaking in 2016 about cybersecurity.