Industry Perspectives

Predicting the Future Without a Magic 8 Ball: Ransomware, Endpoints and Employee Shortages

Protecting against hackers in 2016 will be easy … as long as you have enough trained security staff, a healthy cyber insurance policy in place, and can assume that governments aren't actively building their own cyber armies. If you can assure all of that, your enterprise shouldn’t have a thing to worry about.
If not, 2016 may present some challenges you aren’t prepared for. We recently discussed what we expect to see next year in our webinar, Top 10 Security Predictions for 2016, which featured Bryce Boland, FireEye CTO Asia Pacific. In this 40-minute webinar, Bryce answered more than 30 audience questions ranging from regulatory penalties for Boards to iOS updates and everything in between. See below for a sample of the questions asked during the Q&A:

Question:  Just read an article about RaaS (ransomware) being offered now... What do you think about this trend?
Bryce:  This is a growing trend, with multiple niche businesses in the underground supporting a wide variety of attack types and monetization. Its going to get worse as long as criminals can move faster than international police forces, and as long as the people behind these services mostly remain free to enjoy their earnings.
Question:  What sort of business opportunities do you see with CyberSecurity Insurance Companies, if any?
Bryce:  My main theme with insurance is improved baseline security controls to be eligible for the policy, and having access to incident response resources with costs covered when a breach is identified. We know breaches will occur, so it becomes more a case of can you detect it before the breach has a significant business impact.
Question:  Would regulatory penalties for Boards of Directors be enough to convince them to focus on cyber security, or would they just continue to pay the cost of penalty rather than security?
Bryce:  Great question. In my experience, the penalty has to either be materially relevant to the organization, or materially impact the individuals involved. The EU recently agreed on penalties up to 2% of revenues for data breaches, which is significant. More powerful would be sanctions preventing directors holding directorships in listed companies if they fail to oversee security effectively - although that is much harder to demonstrate in practice.
Question:   Do you expect endpoint as a service being a big hit in the future?
Bryce:  Anywhere you have an aggregation of control or data, criminals will be interested in taking advantage of that. The providers should be especially vigilant, and put in place protection and detection mechanisms to limit the likelihood and extent of criminal cybercrime.

Missed it? You can view the webinar here and download a free copy of the Predictions PPT.  For more information, please contact Nhien Le, Sr. Campaign Manager, FireEye.