Everyone from Rapid7’s CEO & President, Corey Thomas, to the company’s Global Security Strategist, Trey Ford, have weighed in, offering insights around what they think is ahead for 2016.
“I believe, and fervently hope, that the security issues dogging the Internet of Things will reach a critical level of both awareness and accountability. Given the growing coverage in mainstream media outlets about the state of security with IoT, I expect to see vendors of IoT devices take on real responsibility for the security of their devices. We in the security industry all know that hacking IoT devices is like dropping back ten years, and I believe that the mass consumer market will drive creative and realistic solutions to the problems of old software, old build processes, and the fractured patch pipeline.”
“We will continue to break free from the echo chamber. We are already seeing this with security researchers spending more time talking to law makers and infosec professionals actively reaching out to engage with non-security sector organisations. This trend will (hopefully) continue into 2016 and will help break down the communication barrier that continues to plague us as an industry.”
“We’ll see the massive focus on cybersecurity in the policy sphere continue, and perhaps even increase, with organisational and system changes made to reflect this prioritisation. With this continued emphasis on cybersecurity in the Government, I hope we’ll see the level of engagement between policy makers and the security community increase, and I hope we’ll see it drive positive outcomes. However, I am concerned that we’re likely to see some pretty scary legislation being proposed – we’ve already seen a bill that would prohibit independent security research on cars. It’s on us to educate legislators about the potential fallout of these efforts. I hope we’ll see the security community take a more collaborative, thoughtful, and productive approach to engaging policy makers, so we can avoid legislation that hinders security, rather than helping it.”
“Come see the softer side of security.
My prediction is probably aspirational: I am hopeful we’ll see more transparency in incident and breach communications. The public isn’t afraid of “yet another breach,” they’re afraid the organisations they have a relationship with will violate their trust. In our series on VERIS, we’ve talked about the questions the public wants to see answered: who took what action, against what systems or information, with what impact, when, and what is being done about it?
Security will continue the shift of focusing more on trust than compliance.“
“Privacy and security will become more of a concern for consumers in 2016, and perhaps a slight marketing advantage for hardware and software vendors, though it will not become the main criteria for most people choosing a device such as a smartphone or an operating system.
As we are talking about things that will probably not happen, let’s get those un-predictions out of the way:
- The Internet will not get DDoSed by a botnet of fridges and toasters, though a few will certainly take hold.
- The Internet will not get DDoSed by a botnet of smartphones, as they will run out of power after an hour.
- Information Security jobs will not be filled rapidly, as companies will still be struggling to find staff, preferring managed services in many cases, where appropriate.
No, not everyone will be done patching Heartbleed, and no, the amount of services exposed to the Internet at the end of 2016, including SCADA systems, will not be lower than the amount of services exposed at the end of 2015.”
“We’ll see a greater gap between the well-managed and the poorly-managed, our security version of income inequality. The poorly-managed will continue to ignore, pay lip service, and rely mostly on controls. The well-managed will recruit teams directly or through partnerships and build effective programs.”
[su_box title=”About Rapid7″ style=”noise” box_color=”#336588″]Rapid7 security data and analytics software and services help organizations reduce the risk of a breach, detect and investigate attacks, and build effective IT security programs. With comprehensive real-time data collection, advanced correlation, and insight into attacker techniques, Rapid7 strengthens an organization’s ability to defend against everything from opportunistic drive-by attacks to advanced threats. Unlike traditional vulnerability management and incident detection technologies, Rapid7 provides visibility, monitoring, and insight across assets and users from the endpoint to the cloud. Dedicated to solving the toughest security challenges, Rapid7 offers proprietary capabilities to spot intruders leveraging today’s #1 attack vector: compromised credentials. Rapid7 is trusted by more than 3,700 organizations across 90 countries, including 30% of the Fortune 1000.[/su_box]