Security in 2016 - The Threat Landscape Has Changed

Security, blah, blah, blah – I hope this information does not come across as beating the same old security drum, because there are real threats that have evolved and most of us (today) are not prepared. For example, at the 2015 Dell Security Conference it was estimated that 40% of all Internet traffic is encrypted (even Google.com, YouTube.com and other common sites are encrypted using HTTPS), yet the majority of firewalls deployed in the world today cannot filter encrypted traffic. This means that a hacker who wants to bypass your firewall only has to encrypt the payload, and your firewall is essentially blind to the malicious content being downloaded.

“By 2017, more than 50% of network attacks will use SSL/TLS, yet most organizations lack the ability to decrypt and inspect SSL communications to detect threats.” - Gartner

The Payment Card Industry (PCI), the Medical Industry (HIPAA) and others know this and have already updated, or will be updating, their compliance guidelines to put pressure on organizations to implement additional security measures. There are several key areas of security that you should expect to impact you in 2016:

  • Mobile Security – how to protect mobile devices that have access to corporate networks.
  • Two-Factor Authentication – especially for remote access.
  • DPI over SSL – Deep Packet Inspection over Secure Sockets Layer Internet traffic – which means most organizations will need to upgrade their firewall or, at the very least, implement additional features on their existing firewall.
  • General encryption of laptops and/or desktops that have access to or could potentially store sensitive/protected information.
  • Staff Education around Security Practices – Social Engineering is the easiest way to bypass strong technical security solutions.

While this is a short list, we feel that the above items will have some impact on nearly every small to medium business in the next two years; organizations that are subject to regulatory compliance should expect to be impacted sooner rather than later in 2016.

Here are some additional articles that reference how security (or lack thereof) is impacting the world: