Cyber security was never far from the news in 2015, and that is unlikely to change in 2016.

Similar documents
Cyber Risk Reduction: Why Automated Threat Verification is key

IT Governance: The Directors Cut. What Directors Need to Know

Compliance Guide: ASD ISM OVERVIEW

Fraud Prevention & I.T. Security

Case Study: The National Archives UK

Compliance Guide: PCI DSS

Case Study: Financial Credit Union

5 things to consider when estimating the ROI on cyber security.

Compliance Overview: FISMA / NIST SP800 53

Case Study: Managed Security Services Provider

How To Improve Your Security System Of Knowledge (Siem)

The Cyber Threat Profiler

Optimizing Network Vulnerability

Cyber security Building confidence in your digital future

Data Security: Fight Insider Threats & Protect Your Sensitive Data

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Securing the Nation: Creating cyber security, resilience and readiness

Cisco Advanced Malware Protection for Endpoints

Best Practices to Improve Breach Readiness

Endorsed by: Sponsored by:

Redefining Incident Response

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

CYBER SECURITY, A GROWING CIO PRIORITY

Cyber security Building confidence in your digital future

Development of Technology for Detecting Advanced Persistent Threat Activities

Integrating MSS, SEP and NGFW to catch targeted APTs

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security

IBM QRadar as a Service

Risk Analytics for Cyber Security

Government + Enterprise + Innovation + Strategy

End-user Security Analytics Strengthens Protection with ArcSight

AGENDA ITEM: B2. RSSB Board Meeting Final: 08 May 2014 Page 1 of 3. November 2011

BMC TrueSight Operations Management 10 for the Digital Age

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

The Benefits of an Integrated Approach to Security in the Cloud

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Table of Contents. Application Vulnerability Trends Report Introduction. 99% of Tested Applications Have Vulnerabilities

How to Build a Service Management Hub for Digital Service Innovation

Addressing the blind spots in your security strategy. BT, Venafi & Blue Coat

External Supplier Control Requirements

FFIEC Cybersecurity Assessment Tool

An Artesian Whitepaper

SPEAR PHISHING UNDERSTANDING THE THREAT

How to Prepare for a Data Breach

Malware isn t The only Threat on Your Endpoints

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Overview TECHIS Carry out security testing activities

WHITE PAPER. Managed Security. Five Reasons to Adopt a Managed Security Service

Security in the smart grid

SERVICE OPERATIONS CENTRE: ENABLING DIFFERENTIATION BASED ON SUPERIOR CUSTOMER EXPERIENCE

TEASER INVESTOR DECK 500k SEIS+EIS ROUND. In partnership with

2016 Outlook of the Global Security Industry

Cyber Security Evolved

A strategic approach to fraud

ALERT LOGIC FOR HIPAA COMPLIANCE

How To Create An Insight Analysis For Cyber Security

RSA Adaptive Authentication For ecommerce

Cyber security in healthcare

Building the business case for continuity and resiliency

IBM Security QRadar Risk Manager

[ know me ] A Strategic Approach to Customer Engagement Optimisation

Information Security Services

Securing and protecting the organization s most sensitive data

Total exception management

Securing Internet Payments across Europe. Guidelines for Detecting and Preventing Fraud

Role Description Metro Operations, Data Analyst

Effective Information Sharing and Analysis Process

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

Kingdom Big Data & Analytics Summit 28 FEB 1 March 2016 Agenda MASTERCLASS A 28 Feb 2016

Supporting information technology risk management

Advanced Cyber Threats Demand a New Privileged Account Security Model Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

PRIORITIZING CYBERSECURITY

Future Threat Landscape - How will technology evolve and what does it mean for cyber security?

By Hitachi Data Systems and DataCore

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Cyber Security: Confronting the Threat

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

IBM Security Strategy

CyberArk Privileged Threat Analytics. Solution Brief

Cloud Infrastructure Security Management

THE GENIUS OF DATA: MAKING INTELLIGENT SECURITY A REALITY

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

ISO27032 Guidelines for Cyber Security

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper

eeye Digital Security and ECSC Ltd Whitepaper

WhiteHat Security White Paper. Evaluating the Total Cost of Ownership for Protecting Web Applications

SECURITY ANALYTICS AND MORE Putting together an effective Incident Response plan

Managing internet security

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

2015 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE FOURTH ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

CBEST/STAR Threat Intelligence

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

the challenge our mission our advisors

Is your SIEM ready.???

Transcription:

Cyber Security Predictions for 2016

Cyber security was never far from the news in 2015, and that is unlikely to change in 2016. CURRENT TRENDS TO CONTINUE Despite various initiatives to increase cyber security skills and awareness, the reality is that the shortage of expert resources is also set to continue to be a challenge. Equally the number, frequency, duration and severity of breaches will continue to trend upwards. At Huntsman, we foresee a continuation of the spread of cyber-attacks to organisations and even industries that have not previously seen themselves as high-risk targets. MORE BUSINESSES IN THE FIRING LINE Government and the financial sector are obviously familiar with various kinds of sophisticated and targeted attacks but in the last few years we have seen Utilities and Critical National Infrastructure enterprises (CNI) in the firing line. The CNI sector has still got work to do in their cyber defence efforts according to a recent EU report, particularly their operational IT systems that are so critical. 1-2 INCIDENTS WAITING TO HAPPEN IN THE CONNECTED SOCIETY One of the other new technology trends looming is the rise of connected devices wearable technology market, home automation, connected cars and the Internet of Things (IoT) are all booming. In general, these devices are conceived by designers and manufacturers who are highly attuned to consumer needs. As a result they collect data, communicate automatically, make extensive use of cloud systems; yet security and privacy are not core considerations for these platform and device providers. Awareness of the vulnerability of networks in the exploitation of these devices is a key first step in any IoT cyber defence strategy. This means only one thing a greater attack surface for all of us, at home and at work. So at this point it would be wise to assume that in 2016 and beyond these technologies will start to be exploited as equally inventive attackers find ways to exploit them. 1 http://www.infosecurity-magazine.com/news/breach-notifications-eu-security/ 2 http://www.v3.co.uk/v3-uk/news/2438244/eu-agrees-security-laws-that-will-force-firms-to-disclose-cyber-threats 2 2016 Tier-3 Pty Ltd, All rights reserved

THE WAR ROOM TO THE BOARD ROOM There is increasing recognition at senior management and board levels that cyber security threats can result in direct as well as consequential and reputational costs depending upon how they are handled. As a result an increasing number of organisations will seek to leverage the skills and techniques used in the defence sector in their cyber efforts. It is now recognised that no single vendor s suite of technologies provides the security panacea; but increasingly integrated security solutions that enrich and complement multiple sources of intelligence are key to cyber resilience. In 2016, enterprises will start to talk about how these highly integrated solutions can reduce their time at risk by using technology that correlates across information silos to confirm the presence of inappropriate activities which would otherwise have gone undetected. QUANTIFYING CYBER RISKS FOR BUSINESS As the commercial implications of cyber threats become recognised by business stakeholders there will be strong momentum to speed up the prioritisation and response to those risks according to their potential impact to the business. Business needs to understand and quantify the business implications of a security incident much faster than is currently possible. Information about the commercial implications of a compromised host must be as available to the business as the potential exposure from a credit risk. This will force new thinking from solution vendors about the role of security technology, the way systems are monitored for attacks and the methods of response. In 2016 customers will seek technologies that deliver faster and more accurate security decisions so they can act on them more quickly. REDUCING TIME AT RISK It can take more than 200 days to identify a threat in your organisation and another 70 days to resolve it 3. Technology limitations and the shortage of scarce security specialists mean that the importance and exposure of businesses to cyber threats is being increased. Decisions will have to be made around which issues get routed to an analyst, which get handled by a third party service provider and which are addressed through technology. OVER-RELIANCE ON SCARCE RESOURCES There is a significant mismatch between the volumes of machine generated threat intelligence delivered to analysts and the human scaled processes they employ to piece together the information to verify threats. This overreliance on analysts and their painstaking manual processes will exacerbate the pressure on the limited number of experts currently employed in the sector. 3 2015 Cost of Data Breach Study: Global Analysis, Ponemon Institute, May 2015 3 2016 Tier-3 Pty Ltd, All rights reserved

REENGINEERING INCIDENT RESPONSE In 2015 trends shifted from multiple isolated devices delivering threat intelligence to analytics platforms for analysts to manually interpret security intelligence. In 2016 automating routine security operations elements will emerge to hasten the threat resolution process and free up experts to focus on more complex situations. Process automation can, of course, be seen as a threat to the status quo. However, it can also be a means by which the Incident Management process can deliver a significantly more efficient and streamlined threat resolution process. Through close integration of machine based analyses with human intelligence and insight, a hybrid process that meets the speed and accuracy required from the cyber security sector will result. Automatically quarantining an infected workstation is hard to justify when there is a meaningful likelihood that an alert is indeed a false alarm; but as the level of certainty around automated decisions increases so too is the likelihood that the next generation of automation will reduce reliance on the overworked security analyst. Click here to explore how Huntsman Security can help reduce your Business s cyber risk profile. Or visit us online at huntsmansecurity.com 4 2016 Tier-3 Pty Ltd, All rights reserved

Author: Peter Woollacott Co-Founder and CEO, Tier-3 Peter Woollacott is the co founder and CEO of Tier-3 Pty Ltd (now trading as Huntsman Security), the software company that holds the patent for Behavioural Anomaly Detection and developed Huntsman Intelligent Security. He has 25 years experience in operational and risk management with companies like Lend Lease, CBA, AXA, EDS, PWC and Bain International. Peter holds Masters Degrees in Applied Finance and in Business Administration, and lectures in executive post graduate education at Macquarie and Sydney Universities. Peter may be contacted at pwoollacott@huntsmansecurity.com Please visit the Huntsman Resources page at www.huntsmansecurity.com/resources for White Papers, Compliance Guides, Solution Briefs and more resources by this author. Huntsman Tier-3 Pty Ltd Asia Pacific EMEA North Asia Americas t: +61 2 9419 3200 t: +44 845 222 2010 t: +81 3 5809 3188 toll free: 1-415-655-6807 e: info@huntsmansecurity.com e: ukinfo@huntsmansecurity.com e: info@huntsmansecurity.com e: usinfo@huntsmansecurity.com Level 2, 11 Help Street 100 Pall Mall, St James TUC Bldg. 7F, 2-16-5 Iwamoto-cho, Suite 400, 71 Stevenson Street Chatswood NSW 2067 London SW1Y 5NQ Chiyoda-ku, Tokyo 101-0032 San Francisco California 94105 huntsmansecurity.com linkedin.com/company/tier-3-pty-ltd twitter.com/tier3huntsman 2016. All rights reserved. Huntsman is a registered Trademark of Tier-3 Pty Ltd

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information