The price for effective cybersecurity could double over the next three years, as threats become more sophisticated and cybercriminals aim for both economic gain and geopolitical disruption, according to an assessment conducted by Coalfire, a security consulting firm.
“As 2014 ends, it is clear this was the year everything changed in the world of information security,” said Rick Dakin, Coalfire’s CEO and chief security strategist. “As high-profile data breaches were announced one after another, consumers stopped believing companies took protecting their information seriously. It’s time for companies to start looking ahead at the next generation of threats and to step up their game to better protect consumer data. The threat landscape is continuously evolving. If you don’t already have threat intelligence and response plans ready for implementation in 2015, now is the time.”
Based on over 1,000 investigations performed by Coalfire, Dakin predicted an escalation in both the targets and the tactics of criminal organizations. Businesses and governments will be facing “offensive” cyber attacks by hackers – who are in some cases state-sponsored and out to dismantle national security defenses. Cyber crime isn’t the only risk, he explained: “cyber warfare” and “cyber terrorism” become more likely every year.
Dakin noted that defenses and the executives wielding them must continue to change in 2015. Cybersecurity solutions will be considered and selected with an eye toward reducing risk – and understanding the impact that failure to do so will have on a company’s financial performance and risk profile. The information technology sphere is also evolving in organizations, with a “balancing of responsibility” between chief information officers, chief technology officers, and chief information security officers. Rather than one person being responsible for all three fields, Dakin predicted a “three heads vs. one” approach as large companies realize they need each type of expertise. Organizations need to be building systems that, if not impenetrable, offer a chance to detect, identify, prevent, and prosecute hackers.
Just as 2014 marked a major year for high-profile data breaches, Dakin said he expects 2015 to feature “new (and previously unforeseen)” security failures related to bring-your-own-device (BYOD) trends, cloud computing and the Internet of Things.
Dakin highlighted a few positives in Coalfire’s report. Cyber events have become so prevalent that more rigorous monitoring of individuals’ identities, credit and the threats that exist is likely to be the subject of legislation, or mandated by financial institutions or insurers taking on more risk. Newer, better authentication, encryption and a shift to EMV card technology promise results, as does more cooperation between stakeholders in the fight against cybercriminals.
“There will be an increased use of crowdsourcing, machine intelligence, and cognitive/advanced analytics to detect and stay ahead of threats. Bounties for catching bad actors and advanced algorithmics will help the ‘good guys’ identify and stay ahead of the hordes of malicious players,” said Dakin.