As 2016 nears the end, it would be satisfying to gaze back on all the successes that organizations have had in combatting the rising tide of data risks. Sadly, that tide keeps on rising. Data breaches in 2016 are already up 31% over 2015 figures, breaching over 35 million records, a figure set to rise to 1.35 billion breached records with the news of the massive breach at Yahoo. Indeed, we close out 2016 with the biggest data breach in history, although it took 3 years to even find it.
At the end of 2015, we predicted that the attack surface would continue to expand, that Shadow IT would grow, and that people would continue to remain the top source for breaches. Our predictions have held true. Although we also predicted the increased involvement of C-Suite executives and the use of security intelligence, these changes have been gradual and have yet to make a dent in this continued rising tide of security issues.
The data security landscape continues to change and become more complex. In 2015, we talked a great deal about protecting data on the endpoint. Now, that conversation alone is shifting. In 2016, we recognize that the traditional endpoint is only part of the growing attack surface, complicated by the growing use of highly insecure Internet of Things (IoT) devices and amplified by the use of the Cloud. The endpoint is now an access point to corporate data in the Cloud, as well as on the corporate network and the device itself.
Gazing into 2017, all will be set to change again. Absolute’s Richard Henderson had a chance to contribute to an SC Magazine Series on ‘Gazing Ahead: Security Predictions,’ passing along his top 5 predictions for the year ahead.
Data security is a major challenge right now. As Richard noted in his predictions, “defense is a seemingly herculean feat: defenders have to get it right 100 percent of the time. attackers? They only need to need to be right once.”
The solution is not straightforward. Education, clear policies, and layers of technology will provide a defense-in-depth strategy to combat as many threats as possible, with redundancies on high-risk areas such as the endpoint. As many reports have pointed out in 2016, security is not a “set it and forget it” situation, but rather a process that requires continual upgrades and monitoring. Automating as much as possible and simplifying your oversight will be key to ensuring your data security program remains manageable.