10 Security Predictions For 2016

Hot Market To Stay Hot

While 2015 was an intense and exciting year for the security market, all indications point to 2016 being even more so. New threats such as a rise in ransomware and an expanding attack surface through the Internet of Things are driving technical changes in the way that businesses are investing in security and are even causing the public sector to pay attention (and meddle) in ways it hasn’t in years past. Partners can also expect to see changes in the security vendor landscape. One thing is for sure -- security is the place to be for solution providers in 2016, and there’s plenty of opportunity for all. Here’s a glimpse at some things CRN predicts you will see in the year to come.

10. Ransomware On The Rise

Security experts agree: Ransomware will be a threat vector on the rise in 2016.

"It is going to continue. It is growing," Intel Security EMEA CTO Raj Samani said in an interview with CRN.

Two factors are helping push that trend forward in the coming year. First, ransomware attacks are incredibly profitable for attackers, netting hackers more than $18 million from 2014 to 2015 with Cryptowall ransomware alone, according to IBM research. Second, getting that money is becoming even easier for hackers, with a rise in ransomware-as-a-service, which lowers the barrier to entry for less sophisticated attackers.

9. Internet Of Things Will Continue To Be A Concern

While it isn’t a new trend, the rise of the Internet of Things will continue to be a growing security concern in 2016. The past year saw multiple high-profile hacks of connected devices, including cars, children’s toys and much more. With millions more devices entering the market every year, many of which aren’t built with a security-first development mind-set, security professionals have a responsibility in 2016 to help protect their clients, said Richard Ford, principal engineering fellow and chief scientist at Forcepoint, formerly Raytheon|Websense.

"We need to make sure that we embrace these technologies, but that we embrace them safely. … I, as a security person, need to figure out how to help bring these technologies to businesses in a way that is safe but still allows them to develop," Ford said.

8. Increase In Hacktivism

Attacks aren’t just for financial gain anymore, and businesses can expect to see a rise in so-called hacktivism in 2016. RSA President Amit Yoran said businesses need to be on the lookout in 2016 for avenues of attack that aren’t purely financial, but might be for competitive or ideological reasons. Particularly ripe fodder for that type of attack could be the upcoming election, multiple security experts agreed.

7. Data Security Takes A Front Seat

In 2015, there was a concerted move by much of the security industry away from the idea of perimeter protections. As a part of that, companies started to shift toward a mind-set that recognized that attackers would inevitably break into the network, and they needed to focus their efforts and money instead on protecting the data "crown jewels." In 2016, that trend will accelerate and data theft prevention will be ready to "cross the chasm" to the mainstream as businesses of all types continue to be the victims of a seemingly endless stream of data breaches, said Forcepoint’s Ford.

6. Change In Tone Around Cloud

In the past, the cloud had a reputation for being less secure than its on-premise counterparts, a perception that partners said was often a barrier to getting clients to move to the cloud. However, that reputation started to shift in 2015 and businesses are starting to see the cloud as more of a security asset. Going into 2016, experts said they expect to see the growing simplicity of the cloud as a draw for solution providers and their clients.

5. Growth Of Cyberinsurance Market

In 2015, the average cost of a data breach for a company was $3.79 million, up 23 percent from the year before, according to a study by IBM and the Ponemon Institute. As breaches seem almost inevitable for many businesses, companies are now looking to mitigate some of the risk and cost that will be incurred in the aftermath through a budding market for cyberinsurance. The challenge, though, is the market is still very immature and insurance companies have yet to develop a reliable model to quantify how much of a business is at risk of a cyberattack. What makes risk analysis for cyberinsurance particularly tricky, Forcepoint’s Ford said, is that unlike a risk assessment for automobile or other forms of insurance, a company’s cyber-risk can change overnight in a fairly random way. That is something insurance companies will have to figure out in 2016 if the market wants to mature, Ford said.

4. Consolidation

Consolidation on two levels could be coming in 2016. With an exploding market for security startups, the market is ripe for consolidation of some of the smaller, more feature-based companies into some of the larger players, or banding together for more comprehensive solutions. The security industry can also expect some blockbuster acquisitions on the horizon, with rumors of FireEye looking for a buyer and Symantec looking to make some big purchases early in 2016.

3. Targeting The SMB

While big enterprise breaches have grabbed headlines in years past, they are not the only targets. As enterprises ramp up their security investments, experts said the market can expect to see more small- and midsize-business hacks. While not as large and financially lucrative as a larger enterprise, SMBs usually have less protection and are therefore relatively low-hanging fruit for a hacker, who can then continue on to the next business.

2. Public Policy Paying Attention

In 2015, policy makers started to pay a lot more attention to the security industry (for better or for worse). We saw debates re-ignited around encryption, data privacy, surveillance, information sharing and more, though few of these topics got any resolution. With an upcoming election cycle and events such as the Paris terrorist attacks that are triggering the resurgence of important security debates, 2016 will be a year when these conversations likely come to a head and find some sort of resolution. Whether that will be a win for the security industry remains to be seen.

1. Critical Infrastructure Attacks

The hype around critical infrastructure attacks has been present for quite some time, with the vulnerabilities clearly already there for the threat to become reality. That threat has been greatly compounded by the addition of IoT devices and other industrial control systems, RSA’s Yoran said, and makes an attack on critical infrastructure in 2016 "increasingly likely." When combined with a predicted rise in hacktivism in 2016, Intel Security’s Samani agreed that the risk for a critical infrastructure attack is "significant" in the coming year.