Member Article

4 predictions for IT security in 2016

Intermedia’s Richard Walters looks at what 2016 might have in store for IT security:

1. Ye Olde Vulnerability In 2016 we can expect more extremely serious vulnerabilities identified in old code that will affect millions of computers and other devices - think Heartbleed and Shellshock all over again. Too much of the code that makes up critical ‘products’ is built and maintained by individuals, or very small teams, much of it was before secure coding guidelines were fully understood. Expect the next “WhackOverTheHeadWithAGrandPiano” to appear by the middle of the year.

2. Record January Data Sales Large scale data breaches will continue throughout next year, with personal data sales on an unprecedented scale starting in January. As long as large-scale service providers continue to build their own password databases, rather than storing passwords on silicon that can never be read (either individually or in bulk) and put profits ahead of the safeguarding of personal data, attacks will continue to be successful. All I want for Christmas is two-factor (or multi-factor) authentication everywhere – and please can I have simple push notifications rather than 6-digit One Time Passcodes – or is that asking too much?

3. Internet of Things – Holiday fun’s over Attacks on things, from home heating systems to domestic appliances to cars, will move from humorous, annoying and mildly disruptive to extremely serious. At least one attack against medical equipment or critical infrastructure, will take place. Did we learn anything from early WiFi devices’ complete absence of security and the carnage that followed? It’s time to build it in to the IoT. Now.

4. Next Year is all about You You and your identity. Identity and Access Management will become increasingly dynamic – flexible, automated and adaptable for the way people want to work today. Access requests will be examined in real-time. Contextual information about the user, device, location and geolocation will determine what level of access is given based on simple policies (but not advanced mathematical risk-based engines, yet). You might be able to view information at home but not export, download or print it. And if you’re in an untrusted location using an untrusted device and trying to access corporate financial information, you may just have to wait until you get to the office.

This was posted in Bdaily's Members' News section by Richard Walters .