Information Security Forum Identifies Top Five Security Threats for 2016

Cybercrime, State Intervention, Big Data, Internet of Things and Mobile Applications and an Information Security Skills Gap Top List of Key Threats to Businesses
By: Information Security Forum
 
NEW YORK - Dec. 8, 2015 - PRLog -- The Information Security Forum (ISF) (https://www.securityforum.org/), a global, independent information security body considered the world's leading authority on cyber security and information risk management, has announced its forecast of the top five global security threats that businesses will face in 2016. Key threats include: the unintended consequences of state intervention, Big Data, mobile applications and the Internet of Things (IoT), cybercrime and the growing skills gap in the information security industry.

“As we move into 2016, attacks will continue to become more innovative and sophisticated. Unfortunately, while organizations are developing new security mechanisms, cybercriminals are cultivating new techniques to evade them,” said Steve Durbin, Managing Director of the ISF. “In the drive to become cyber resilient, organizations need to extend their risk management focus from pure information confidentiality, integrity and availability to include risks such as those to reputation and customer channels, and recognize the unintended consequences from activity in cyberspace. By preparing for the unknown, organizations will have the flexibility to withstand unexpected, high impact security events.”

The top five threats identified by the ISF are not mutually exclusive and can combine to create even greater threat profiles. The most prevalent threats include:

Cybercrime Causes the Perfect Threat Storm

Cyberspace is an increasingly attractive hunting ground for criminals, activists and terrorists motivated to make money, cause disruption or even bring down corporations and governments through online attacks. Organizations must be prepared for the unpredictable so they have the resilience to withstand unforeseen, high impact events.

Cybercrime, the increase in hacktivism, the surge in the cost of compliance to deal with the uptick in regulatory requirements, and the relentless advances in technology, set against a backdrop of underinvestment in security departments, can all combine to cause the perfect threat storm. Organizations that identify what the business relies on most will be well placed to quantify the business case to invest in resilience, thereby minimizing the impact of the unforeseen.

Unintended Consequences of State Intervention

Conflicting official involvement in cyberspace will create the threat of collateral damage and have unforeseen implications and consequences for all organizations reliant on it. Varying regulation and legislation will restrict activities whether or not an organization is the intended target. Even organizations not implicated in wrongdoing will suffer collateral damage as authorities police their corner of the Internet. Moving forward, it will be about organizations understanding what governments are able to ask for and being open about that with partners. In the past, we didn't have this kind of openness.

Big Data Will Lead to Big Problems

Big data is rapidly becoming embedded in the way organizations operate and make decisions. Failure to respect the human element of data analytics will put an organization at risk of overvaluing big data output. Poor integrity of the information sets used can mean that the analysis leads to bad business decisions, missed opportunities, brand damage and lost profits.

Big data offers opportunities for organizations when the risks and rewards are well considered. Organizations should keep in mind that the human aspect of data analytics is required to properly analyze and vet datasets. Those that put blind faith in big data will make strategic decisions based on faulty or incomplete data sets. This can be avoided by outlining a process for applying big-data analytics to information security problems.

Mobile Applications and the IoT

Smartphones are creating a prime target for malicious actors in the IoT. The rapid uptake of Bring Your Own Device (BYOD), and the introduction of wearable technologies to the workplace, will increase an already high demand for mobile apps for work and home in the coming year. To meet this increased demand, developers working under intense pressure and on razor-thin profit margins will sacrifice security and thorough testing in favor of speed of delivery and low cost, resulting in poor quality products more easily hijacked by criminals or hacktivists.

Chief Information Security Officers (CISOs) should be proactive in preparing the organization for the inevitable by ensuring that apps developed ‘in-house’ follow the testing steps in a recognized systems development lifecycle approach. They should also be managing user devices in line with existing asset management policies and processes, incorporating user devices into existing standards for access management and promoting education and awareness of BYOD risk in innovative ways.

Skills Gap Becomes an Abyss for Information Security

A maturing information security field and more sophisticated cyber-attack capabilities will demand skilled information security professionals who are increasingly scarce. Cybercriminals and hacktivists are increasing in numbers and deepening their skillsets. The ‘good guys’ are struggling to keep pace. Where will these resources and skillsets come from? CISOs need to build sustainable recruiting practices as well as develop and retain the talent they already have to boost the organization’s cyber resilience.

In 2016, the skills gap will deepen as hyperconnectivity increases. CISOs should prepare to build information security capabilities across the organization and position the executive team to recognize and retain talent, both those who have come up through the ranks and newer employees who have worked in a digital environment and business roles. Moving forward, there will be a need to be more aggressive about getting the skill sets that the organization needs. While the industry continues to attract the right level of interest, and while businesses continue to work with universities and to pass needed legislation, the industry as a whole must realize that there is a skills gap problem that needs to be resolved.

For more information, please visit the ISF website or contact Steve Durbin at steve.durbin@securityforum.org.

Contact
John Kreuzer
***@gutenbergpr.com