A Look Back at Our 2015 Network Security and Compliance Predictions
At the beginning of every year we publish our predictions for what’s to come as well as resolutions for the New Year. As we conclude 2015, it is a time to reflect on what we predicted would happen in 2015 and see how we did.
Penalties Far and Wide
We predicted that in 2015, large financial penalties would reign as organizations continued to struggle to comply with regulations and to not only monitor, but also prevent, compliance issues in the first place. And that is exactly what happened. Target reached a $10 million settlement, Anthem faces a $1.5 million fine for its breach and AT&T was hit with a record-breaking $25 million data breach fine. In 2016, we expect that this trend will continue.
Customers Want Security and Compliance Too
Your customers want to know their data is safe. They want you to comply with regulations and they want you to do everything you can to prevent cybercrime. We predicted this trend would continue and it has. Customers want proactive cybersecurity — not reactive analysis and temporary repairs. Findings show that companies are ramping up their spending to prevent cyberattacks after a string of breaches at financial firms and big retailers. This trend will continue.
Management Buy-In on Protecting the Crown Jewels
We also claimed that management buy-in would be increasingly important in 2015 in helping organizations first understand what is really important (i.e. customer data) and then properly secure it. And that is what is happening. With the responsibility for network and data protection now sitting on the shoulders of the CEO, CIO, CTO and board, with expectations that they take the fall in the face of a breach, it is more important than ever to prioritize where you spend your time and money protecting data from prying eyes. This prioritization will provide a roadmap for which services and documents require more granular access control, where encryption must be applied, and how third-party access controls and other security controls need to be enhanced for managing privileged access.
Get Your House in Order; Ensure Best Practices and Daily Security Measures Work
We also suggested that in 2015 CSOs and security departments needed to resolve to focus less on hunting for zero-day malware on their network or the threat actors behind it, and more on how they can limit the power of human end-users to wreak havoc. With cyber security now at the top of the agenda for enterprises, presumably they understand that all cybercrime is an inside job. Enacting a Zero Trust network to protect against cybercrime from both inside and outside of your network will help transform network security in 2016 and beyond.
Accessibility Compliance – Seriously!
Our in-house experts, including Ken Nakata, predicted that 2015 would bring further changes for accessibility requirements, including changes to Section 508. And changes we saw. 2015 brought turmoil as the U.S. Access Board worked on the rule-making process for the next version of the Section 508 standard. Ken Nakata offered his advice on the controversial rules, noting that the Access Board provides hardly any substantive guidance on how to map WCAG to software and electronic documents. We also saw new proposals just this month from the European Commission for a European Accessibility Act (EAA), which would be the farthest-reaching accessibility law for information technology.
Learning From 2015 to Make 2016 More Secure…
There have been a number of lessons learned in 2015. In the New Year we’ll share our predictions for 2016. Stay tuned to see where we think cyber security is headed.