10 cybersecurity predictions for 2015

Year end is a time for reflection.

Based on my history in this space, plus the fact that my day job of running CSC’s Global Cybersecurity Consulting business lets me talk to and help hundreds of executives around the world, I wanted to offer my perspective on how 2014 turned out and my thoughts on what to watch for in 2015. Before starting my 2015 predictions, let’s review how I did last year:

1. Planning Goes Mainstream

2014 was the year that retailers learned that a good response to an incident is as critical a skill as the ability to stop an attack. Organizations spent hundreds of millions of real dollars in 2014 responding to incidents, and they are learning from that experience that an ounce of prevention is worth hundreds of millions of pounds of cure.

2. Big Data and Security Meet at the SIEM

While not mainstream in 2014, many leading companies are moving beyond security information and event management (SIEM) services and using big data techniques to predict what will happen so they will have time to prevent incidents. Based on this strong start, look for far greater adoption of predictive big data in 2015.

3. Threats Keep Evolving

As 2014 saw the release of highly evolved threats, we can agree this came true. In many cases, criminals launched these threats — which used to live only in the systems of governments and defense companies — against retail, entertainment, finance, healthcare and more.

4. Your Security Scope Expands

This 2014 warning that your supply chains are fast becoming threat-entry points was proven time and time again, evidenced by high profile attacks against retail and energy using “trusted” suppliers as their entry points. Continuous monitoring for advanced threats and behavior-based security event analysis engines are two measures that can help prevent supply chain vulnerabilities.

5. Passé Passwords

Disappointingly, 2014 saw us remain tethered to passwords that don’t work. We learned that sony123 is not a great password choice and, in fact, passwords themselves are no longer the answer. Federated identity ecosystems are here and will be more widely adopted in 2015.

6. Keys Are the Key to the Cloud

Many more organizations adopted the cloud in 2014 — the ability to own their own keys helped prompt this widespread adoption. Companies also introduced much great new technology to maintain keys and control while leveraging the cloud in 2014; this new technology should drive dramatic enterprise cloud adoption in 2015.

7. Smartphones Get Dumb Again

As with passwords, it’s a shame that more smartphone manufacturers didn’t leverage the virtual machine style of access on their phones. Thus, it’s no surprise that much sensitive material was left in the backseats of cabs and floating in Starbucks.

8. Transnational Crime Becomes More Concerning Than Governments

Money was still the top motivator for cyberattacks in 2014, and the organizations behind organized crime became more technologically coordinated, advanced and ruthless.

9. Shhhhhh! — Securing Your Voice

Several new secure mobile phones, secure VoIP and add-on security, especially for international journalists, rolled out in 2014 as people realized that many governments and criminals eavesdrop. 2014’s new crop of offerings should continue to grow in 2015.

10. Quit It!

Managed security continued its double digit growth in 2014, fueled by companies’ desires to turn much of their security operations over to trusted security pros who can keep up with the tech and threat evolutions. 

Lagniappe: Secure the Robots!

2014 had both high- and low-profile attacks against industrial control and SCADA systems, and it continues to be a head-to-head battle where the atom meets the bit.

Of my 2014 predictions, 82 percent bore out over the year. Let’s see what you think of my 2015 prognostications. 

1. Cloud-independent security becomes a linchpin offering, where vendors will own the linkage between your enterprise and any brand of cloud.
2. Sandboxing goes mainstream. We finally acknowledge that employees surf, and we’ll build them a safe place to do it.
3. Cyber insurance has a break-out year. While still not perfect, demand overwhelms usefulness.
4. Cyber-“silver bullets” bite the dust. Companies learn to stop claiming their products deliver impossible results, and customers stop believing them.
5. A new global, super cybercompany (or two) will emerge. Many of the historic brands are about to get fresh competition. It’s time.
6. CSOs will be promoted to chief trust officers. Security is a business issue now, not just an IT issue, and companies will see that trust is the new security.
7. Risk qualifications will become decision criteria for boards of directors. Security works best from the top down (see above).
8. Criminals will breach home and auto control systems, and security firms will secure ecosystems. Adversaries have just been waiting for wider deployment, which will happen in 2015.
9. Critical infrastructure will show its vulnerabilities at a dangerous level. There are too many fingers close to too many kill switches right now; someone is going to find a reason to press one.
10. The public will launch a backlash against companies, apps and sites that overreach with our personal information. A year’s worth of credit monitoring is not enough, and class action attorneys will figure that out.

Lagniappe: The blockchain will transcend payments and move into all trust areas. 2015 is a good time to learn how it will change all of your business transactions in the near future.

“Your task is not to foresee the future, but to enable it,” said Antoine de Saint Exupéry. 2015 will be another exciting year. Let’s get to work!