The State of Security: Reflections on 2015

It’s that time of year again – when we reflect on the events of the past year to assist us improve in the year to come. It’s been a wild 2015 for cyber security and we have a lot to learn from the year. With 2015 in the rear view mirror, let’s talk about how this year hit on the following three areas: Improvements and Incidents, Security Success and Future Trends.

Improvements and Incidents

Notable Attacks: With public attacks on government institutions (OPM and IRS) and healthcare (BlueCross), as well as revenge hacks (Ashley Madison and Hacking Team), it’s been a very interesting year when it came to breaches. It’s now clear that no one is safe from attacks, so having proper incident response procedures and teams available to defend against a breach is needed now, more than ever before.

Privacy Concerns: Everyone from your grandmother to the CEO is asking if their data is not only secured, but that it has adequate privacy protection. Privacy advocate, Edward Snowden, recently started a Twitter account that grew to over 1 million followers in about 24 hours. This shows the type of draw that privacy is now having among people. We’re also seeing major technology vendors use privacy as a selling point. Apple proved this recently when the FBI asked them to build encryption into their systems, which would allow the government the ability to have backdoor access. Apple, very vocally, denied the request and made sure to let the world know that they respect the privacy of their users. Privacy is huge and everyone is looking to keep their sensitive data out of the hands of those that it wasn’t meant for.

Phishing: We also continue to see that phishing is still a major issue. Most of the recent large breaches started with some type of phishing attack. Attackers are looking for the weakest link to infiltrate your organization, and that’s your users. Efforts need to be made to constantly educate users how not to fall for phishing schemes. Moreover phishing isn’t just via email anymore, it’s on social media, SMS, etc. This isn’t news to anyone, but it’s something that I fear will still see in 2016. This is your biggest threat right now to your business.

Security Success

SSL is Dead: This was the year that SSL was officially killed. It’s hung around for years, but due to new regulations this protocol has finally been killed off. This is a big win for security professionals who have been advocating for years to have this protocol removed from networks.

Cyber Security Goes to Washington: Politicians have woken up to the realization that cyber security is indeed an issue of national security. It’s been raised in the presidential debates, its been front page newsand numerous laws have been proposed. Despite how we feel about some of these laws the attention is a big win for our industry. Politicians are now asking the hard questions to determine the best way to move forward with the war on cyber warfare. It’s now the job of those in the industry now to guide them in making informed decisions on the matter.

Forecasting 2016

This is always fun to do, but there are a few areas that I think we’ll see take off in 2016. So let’s see how many of these actually come true.

Security and the Cloud: I think we’ll see a large shift of security services to the cloud. Everything from endpoint security, to identity management, web application firewalls, etc. These services have been slowly moving to the cloud, and so far we’ve made good progress. By 2016 it’s going to become the norm. We have finally hit the point where if a service isn’t offered as a cloud platform it’s loosing appeal.

Threat Intelligence: The same thing goes with threat intelligence. I feel that this year was a breakout year for the technology and that it’s now going to become integral to all security products.

Machine Learning and Behavioral Analysis: Lastly, I think we’re going to see a large influx of technology using machine learning and behavior analysis, instead of signatures, etc. This has started already, but this year it will continue to rise. Many AV/IPS vendors need to start assessing and adding this technology into their product offerings, or they’ll miss the opportunity and become obsolete.

We are now living in the golden age of security awareness which is huge win – we need to capitalize on it to keep us safe.

Here’s to a year past and another new year coming up. I wish you all continued success in 2016.