The Evolution of Cybersecurity: A Look at One Leap Year to the Next
This year you may have noticed that February 29th has made an appearance on your calendar – that’s because 2016 is a Leap Year!
When it comes to the cybersecurity landscape, a lot has changed in the four years since the last Leap Year. Below I’ve taken a look at five areas in which the cybersecurity landscape has changed since 2012.
Cloud Security: From Adoption to Lines Being Redrawn
2012: Industry experts expected an increase in cloud data security adoption, which would impact the way data security is approached by companies and provided by vendors. The rise of the hybrid cloud also started to come into play, due to its added agility and security benefits. In addition, as a result of the explosion of APT (News - Alert) attacks against high-profile companies and government agencies in 2011, APTs were expected to become even more predominant in 2012.
2016: Between Safe Harbor being struck down and a new Safe Harbor framework, the E.U.-U.S. Privacy Shield, coming to fruition, residency and data sovereignty laws are a big topic of conversation. As surveillance becomes public knowledge, increasingly rigorous data residency laws are ahead. In addition, with the development of new technologies and evolving Cloud Access Security Broker (CASB) solutions, lines will be redrawn on what applications and operational business use cases are cloud-compatible. Companies will use the cloud more aggressively for functions where it was inconceivable to consider cloud even a few years ago.
The Cybersecurity Debate in Washington
2012: The most comprehensive cybersecurity legislation at the time, The Cybersecurity Act of 2012, was voted down by the Senate in a 52-46 vote. When this happened, many believed the Senate’s shut down of the bill would block any chance at cybersecurity legislation passing that entire year, and maybe for years to come.
2016: Fast forward to 2016, and the atmosphere in Washington is much different. In October 2015 the Senate passed the cybersecurity information sharing bill, on a 74-21 vote. In addition, in 2016 the White House unveiled the Cybersecurity National Action Plan (CNAP) to fortify America's digital defenses.
Breaches Just Keep on Getting Bigger
2012: 2012 saw a number of big breaches for some major companies with millions effected. Retailers and major credit card companies suffered data breaches that set the stage for what was to come. At this time, attackers were primarily stealing credit card information and selling it on the black market.
2016: In four years, the attack landscape has shifted significantly as the healthcare and financial services industries are now being hit hard. There has also been a shift in the type of information hackers are stealing. Information contained in health care records has a much longer shelf life and can be leveraged for identity theft. Unlike financial data, which becomes worthless the second the customer detects the fraud and cancels the card, Social Security numbers can't easily be cancelled, and medical and prescription records are permanent. There is also a large market for health insurance fraud and abuse, which hackers have honed in on.
BYOD Security vs. IoT Security
2012: Four years ago, the rise of bring your own device (BYOD) was at its height, resulting in the trend growing in popularity in the workplace. As a result, the industry was fixated on how this growing trend would create potential compatibility headaches for IT departments and the security risks involved with employees working on their own personal devices, accessing private company data.
2016: While BYOD security concerns continue to grow, experts are directing more of their attention to the rise of machine-to-machine attacks. Research company Gartner (News - Alert) predicts there will be 6.8 billion connected devices in use in 2016, a 30 percent increase over 2015. The sheer number of connected devices, or the "Internet of Things," presents an unprecedented opportunity for hackers and many believe we are facing a massive problem moving forward for growing attack surface.
Would you be interested in connecting with an executive from Blue Coat (News - Alert) to discuss this topic in more detail? With Leap Year less than two weeks away, I thought an article on this topic would be an interesting piece for your readers. Blue Coat can also look ahead to what the next four years will hold in store in the fast-changing world of cybersecurity.
More Network Attacks Use Encrypted Traffic to Bypass Controls
2012: SSL/TLS encryption was, and still is, widely used to secure communications to internal and external servers but can blind security mechanisms by preventing inspection of network traffic, increasing risk — a risk that lacked, and still lacks awareness by organizations. In 2012, attackers were preying on the security gaps created by encrypted traffic — and they are doing so increasingly today.
2016: The rapid adoption of cloud apps and services dramatically expands and complicates the IT environment, accelerates SSL/TLS encrypted traffic use, and expands the risk surface for attacker exploitation. Modern applications such as social media, file storage, search and cloud-based software increasingly use SSL/TLS as their communications foundation. Monitoring and scouring these applications and services for malicious content and activity is highly recommended. In fact, Gartner predicts that in 2017 more than half of network attacks targeting enterprises will use encrypted traffic to bypass controls.
Edited by Maurice Nagle