Heads will roll - cyber security predictions for 2016 from Glasswall Solutions

January 2016 by Glasswall Solutions

Glasswall Solutions issued its top five predictions for 2016. The list covers the five key developments that Glasswall’s team of experts
believes will have the biggest impact on cyber security over the next 12 months.

“Businesses around the globe now face unprecedented threats from every kind of
hacker and cyber criminal,” said Greg Sim, CEO, Glasswall Solutions.
“We believe the next 12 months will see some of the most significant developments
in the history of cyber security as powerful new EU regulations loom and enterprises
realise their defences are dangerously unprepared and antiquated. 2016 promises to
be an extremely interesting year in which many new opportunities will emerge to
boost our collective security – the question is whether businesses around the
world will grasp them.”

The five predictions are:

(1) New Threats

Cyber security threats will continue to grow throughout the year, with email
attachments the most dangerous point of vulnerability for businesses without
effective defences in place. In 2015, cyber crime cost £36 billion and 94% of
successful attacks were conducted via email attachments.

Criminals will continue to steal insights from leaky documents, websites and social
media profiles for use in social engineering, targeting employees and turning them
into dupes who unwittingly assist in the hacking of their own companies by opening
files hiding malicious exploits.

As the cost of these attacks grows, we can expect to see a bigger effort within
businesses to understand the nature of the threat. For example, it comes as a
surprise to many that the vast majority (75%) of threats within files are not in
JavaScript, Macros or URLs, but in the manipulated DNA of the commonly used files we
use every day.

(2) A change in corporate culture

2016 is set to be the year when a change in culture sweeps through many
organisations in response to the growing sophistication of cyber-attacks. As we have
seen in the USA, C-suite jobs are now on the line and the forthcoming EU Data
regulations hold the executives culpable for the security of their organisation’s
data. The risk of loss of customer data and the knock-on effects of supply chain
confidence, customer loss and even share price demise is now too great.

From top to bottom, organisations must shift attitudes and take back control of
document security. This will extend beyond the organisation’s own borders and into
the supply chain where cyber-security will become a major factor in the on-going
business relationship between organisations and their suppliers.

Within most organisations, a trusting culture has been bred, from sharing and
collaborating on documents to being accepting of incoming files and URL links. This
culture is commonly reflected from C-level executives down to the most junior
employee – with everyone at equal risk of becoming a target.

Decisions on what is safe will no longer rest with employees but will be a matter of
policy, determined in conjunction with experts in corporate cyber security
technology.

(3) Heads will roll, but the CISO will stand tall

Sadly, we can expect that continued reliance on outdated security solutions makes it
inevitable that a serious data breach will occur in 2016, leading to a minor
bloodbath in the C-suite.

Chief executives have been warned – they saw what happened to TalkTalk in 2015 –
but too few are walking the walk when it comes to boosting security in their own
organisations. A major loss of data or breach of old-fashioned perimeter security is
going to cost a chief executive his or her head in 2016.

By contrast, in organisations where security is taken more seriously, the role of
the Chief Information Security Officer (CISO) is going to have greater prominence.
More and more CISOs are going to be appointed and increasingly, they will report
directly to the CEO and ultimately sit within the board if information security is
to be taken seriously.

In businesses where they are already at work, over half of them report to the Chief
Technical Officer, demonstrating a real lack of urgency about cyber security at
board level. This has to change.

Steve Katz, a member of Glasswall’s advisory board and the world’s first Chief
Information Security Officer (Citigroup and JP Morgan), predicts a further
development in 2016. He says the year is likely to see the emergence of the Chief
Information Risk Officer, or CIRO.

“A single hacker only has to win once for an organisation to find its reputation
has been torched,” says Katz. “The havoc wreaked by some of these attacks leaves
such a trail of destruction that organisations never recover. Cyber security is now
about managing risk, rather than just security and the board-level role of the CIRO
should reflect that.”

(4) Regulation

The European General Data Protection Regulation comes into force in 2017, imposing
increased penalties and fines on companies which fail to protect data adequately, or
are subject to a breach.

In the first quarter of 2016, businesses will start to wake up to the potentially
enormous consequences of this first real overhaul of European data legislation in
two decades.

Minimum fines are likely to be set at two per cent of global turnover, with the
maximum running to five per cent. Had the TalkTalk breach occurred under the EU
regulation, the company’s fine could have amounted to £90 million.

In addition, the new regulation will impose disclosure of data breaches in the
public interest, meaning there is no hiding place for firms caught with their cyber
trousers down.

As businesses realise what is involved, we can expect to see them struggle to
achieve compliance throughout the year, scrambling to hire consultants or
investigate outsourcing solutions as 2016 draws to a close.

(5) Innovation

Amidst the backdrop of increasing threat levels, 2016 is going to be a great year
for cyber security innovation, replacing legacy and even relatively modern security
technologies which are failing to protect their customers from the ever-increasing
wave of sophisticated attacks. The new wave of sandboxing and advanced
threat analytics in particular are simply not working and Glasswall is seeing
evidence of this every day. The overwhelming feedback from the industry is that they
do not trust what they are being sold from the mainstream suppliers.

Expect to see innovation in security shift from USA-based companies, currently
regarded as the bastion of trusted security, to new innovative companies such as
Glasswall, referred to by the UK Chancellor of the Exchequer in his speech at GCHQ
in November, when he spoke of “excellent British companies” breaking new ground in
cyber security.

This is the year in which the best of those businesses fulfil the chancellor’s
vision of “an ecosystem in which great ideas get translated into great
companies.”

Reaffirming these views, industry analysts Frost & Sullivan stated in their 2016
predictions that “we can see widespread acceptance of a new approach to business
risk and cyber security, moving the focus from detection of ‘known threats’ to
validation of the ‘known good.’”

