There are some scary things happening in data security. Along with the rise of the Internet of Things there has been a corresponding push by hackers to wrest the cloud from us law-abiding folks.
“Gartner is predicting that 6.4 billion connected “things” will be in use globally by the end of 2016 - up 30 percent from 2015 - and that number is expected to reach 20.8 billion by the year 2020. As more Internet connected devices hit the market, so too do the vulnerabilities that come with them, as evidenced by highly-publicized incidents of 2015 where researchers exploited vulnerabilities in planes, guns, medical devices and automobiles.
As the Internet of Things market expands and innovates, researchers will continue to find and uncover exploitable vulnerabilities in these newly connected “things,” which will in turn continue to fan the flames of responsible disclosure.” - Information Management
Companies are having a difficult time finding data security pros who know how to conquer this new frontier in this “every business is an IT business” age.
Information Management Magazine had some cool ideas on this front:
Consolidation of IT Security
Big companies are buying out medium companies and then these really big companies are eating all of the “little fish” in sight. Dell buys EMC. Cisco buys Lancope. They all begin to buy companies like Adallom, Aorato and Secure Islands. It’s not going to stop next year, in fact, it will accelerate.
“It’s worth noting that offering up a “one stop shop” experience is completely different than being able to integrate technologies together to offer a seamless user experience.” Will that seamless user experience include seamless security?
You’ve got a Certified Hacker on staff who has uncovered some issues that overlap into the public domain. How much are you legally (never mind morally) required to divulge to regulators and/or competitors? According to IM, this issue will only get thornier as 2016 progresses:
“‘White hat’ hackers, hired to scope out flaws in systems, are already facilitating company / researcher relationships within the technology industry via bug bounty programs. However, it seems that many segments of the manufacturing industry would rather utilize lawyers to block research altogether than address the vulnerabilities that are uncovered. Another option for security researchers to consider is self-regulation, where they accept the risks and responsibilities associated with their findings.”
Smaller Businesses Up Security Spending
Remember the famous hacks of 2015? They were publicized more than ever before. Companies like “LastPass, Securus Technologies, VTech and TalkTalk (are being targeted by) cybercriminals because they’re seen as less secure, while oftentimes owning valuable customer data.” These cyberattacks will grow in 2016.
People in the Cloud Share Responsibility
If you deploy in the cloud you share security responsibilities. Small to medium companies are hiring internally or taking advantage of Cloud Services’ security add-ons in contracts. To get a quick primer, check out Amazon’s shared responsibility model.
The other items in Information Management’s list include improved incident response protocols including communications and crisis management to calm investors and consumers; and enhanced collaboration among our communities as “security professionals are utilizing tools and platforms in order to better share and collaborate on security research and uncovering and responding to threats.” The folks at IM “expect this to increase and become more formalized amongst organizations, industry verticals and individual practitioners over the next year.”
What trends would you like us to keep an eye on for you as a cutting-edge data security specialist or leader? Let us know! We’d love to include your favorite topics right here. Email me. Until then, stay safe!