Security Expert Predicts Four Critical Cyber-Trends for 2015

December 17, 2014

Cybersecurity is guaranteed to make big headlines in 2015, according to one computer fraud expert.

Why? Just look at 2014, says security pro Kent Schneider. Home Depot. Target. Staples. Sony. Schneider says that with so many major companies getting hacked over the past several months, it's no wonder "60 Minutes" called 2014 the "year of the data breach."

Schneider, former international president and CEO of the Armed Forces Communications and Electronics Association (AFCEA), says that while 2014 was a landmark year for data breaches, 2015 could be even more significant. "Over the next year, we'll see numerous new incidents," Schneider predicts, "but we'll also see movement toward building a new infrastructure designed to fix the system."

Schneider predicts four notable milestones will impact cybersecurity in 2015:

More breaches. At an October cybersecurity event cohosted by the U.S. Secret Service, the FBI and the Financial Services Roundtable, officials reported that hackers have stolen more than 500 million financial records in the last year. But that was just the beginning, Schneider says. Joseph Demarest, Jr., assistant director of the FBI's cyber division, made a blunt prediction to event attendees: "You're going to be hacked." Schneider agrees: "It's not a matter of whether, but when."

The EMV chip credit card rollout. In an attempt to stem credit card fraud, U.S. issuers are replacing traditional cards with the EMV chip-enabled cards already in use in Europe and around the world. The majority will be shipped to consumers ahead of the October 2015 deadline when retailers and card issuers could become liable for credit card fraud losses if they don't upgrade to the new system. While the EMV rollout may cut down on card counterfeiting, it only treats a symptom, not the disease itself. "It won't fix the fundamentally flawed system, in which fraudsters exploit insecure rights management and access controls," Schneider says.

Working to remove human error and criminal intentions. Many of the notable breaches in 2014 happened because the wrong people had too much access to private data, Schneider says. In most enterprises, effective rights management and access controls are lacking and not integrated with existing systems, which is a major issue since up to a third of cyber-crimes are committed by insiders. According to Schneider, one of the most effective methods of fixing the system will be to lock the human element out of security systems – as least the parts where human error or malicious behavior can cause problems.

Diminishing the role of the password. Schneider predicts that professional cybercriminals will continue to get smarter, but thankfully, so will security technology and processes. He points to the importance of creating an unbroken chain of trust between the user and the enterprise in order to remove any holes for a cybercriminal to exploit. "An essential way to close the gaps is to remove our over-reliance on passwords," Schneider says. To that end, enterprise security is moving toward biometrically enabled credentials for each user – a retinal scan, fingerprint, facial recognition or voice print for every access session. "Most data breaches occur through impersonation of a valid user, and in most enterprises the current ID verification – often simple user IDs and passwords – is woefully inadequate," he says.

Schneider says 2015 won't be boring when it comes to cybersecurity. "I predict that industry and government agencies who have responsibility for securing computer systems will be looking for more than the patchwork and plug-the-dike approaches we've seen over the past few years. Consumers are demanding better security for their data, and industry must respond," he said.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Security Expert Predicts Four Critical Cyber-Trends for 2015

Related Articles

Report Abusive Comment