Forecasted Cybersecurity Trends of 2016
In the ever-evolving landscape of cybersecurity, 2016 promises significant changes and challenges for businesses across Europe. Here are some key trends that have emerged:
- Elevation of Cyber Security in Business: Cyber security is moving from a technical concern to a board-level debate, leading to increased investment and engagement. The Chief Security Officer (CSO) is transforming from a technical lead to a business risk leader.
- Shift in CSO Reporting Structure: There has been a significant shift in Europe, with 33% of CSOs/CISOs now reporting to someone other than the CIO, compared to 50% in 2012. This change reflects the growing importance of cybersecurity in business strategy.
- Focus on Supply Chain Security: With many breaches traced back to weak links in the supply chain, there is an increasing focus on assessing the risks created by partnerships, qualifying shared resources, and shoring up shared services.
- Shrinking Business Networks: Businesses are moving away from large, complex networks to outsourcing, 'cloudsource' and consumerizing their IT systems. This shift presents a new cybersecurity learning curve.
- Security Investment Requirements: By the end of 2016, businesses handling more than 5,000 EU citizen records will be required to have security capabilities aligned to the current state of the art. European organizations, particularly medium and large companies in sectors considered essential for society and the economy, will be particularly affected by these requirements.
- Growth in SaaS Resources: There has been a 46% growth in organizations leveraging SaaS resources in the last year, indicating a shift towards digital entities and cloud-based systems. This growth brings increased pressure on businesses to keep pace and prevent incidents.
- Nation-State Attacks: There is growing concern about businesses being caught in the crossfire of nation-state attacks, particularly those that form part of critical national infrastructure. Nation-state groups are looking to commercial cybercriminals for innovative techniques and undisclosed vulnerabilities.
- Diverse Reporting Structures for CSOs: In recent times, CSOs have reported to the general council, CFO, and directly to the CEO, reflecting the commercial and legal implications of cyber security.
- Cybercrime Evolution: Cybercrime is starting to leverage more advanced concepts from APT attacks, such as multiple components to avoid detection, and focusing on more implicit targets. Attackers have recently focused on hacking into automotive systems, and businesses should expect more focus on smart devices as they become our digital hubs.
- Regulatory Impact: The Network Information Security Directive and General Data Protection Regulation Reform will have a significant impact on cyber strategies in the EU in 2016.
- Confusion over Security Capabilities for Businesses in Supply Chains: With the rise of nation-state attacks, there is expected to be confusion over the level of security capability required for businesses in the supply chain, as well as questions about funding models.
As the volume of cybercrime follows the growth in mobile payments, businesses must anticipate and prepare for these trends to protect their assets and maintain the trust of their customers.
