This commentary is the second of a three-part series featuring what cybersecurity thought leaders expect to see in the coming year.
Remember when weather forecasts were often wrong? Rain fell on many a picnic before technological advances finally enabled meteorologists to make accurate predictions.
Predicting cybersecurity’s future is likely to be at least as humbling as weather forecasting was in the old days. Everything could change in the twinkling of a virtual eye: a new hacking technique catching us unawares, or a disruptive innovation altering the landscape permanently (or until the next innovation comes along).
As with weather forecasters before and now, though, we don’t need a crystal ball to reasonably guess where cybersecurity is headed in the near future. Paying close attention to what’s happening now can give us a good idea of trends to follow, and where they’re most likely headed.
Here are some important developments I see occurring in 2016:
Cell phones as ‘pass phones’
In the never-ending quest to replace the password, we’ll likely see more opportunities to authenticate using our cell phones instead — adding convenience and increased security to the user experience. Here are some “pass phone” technologies that may become more prevalent in 2016:
- Phone number/pass code authentication. Selected sites already allow us to log in using a phone number and a one-time-only code sent via text. Instead of the cumbersome and often-insecure password, our phones verify our identities. And the code’s quick expiration — some 30 seconds after it’s sent — makes getting hacked highly unlikely, if not impossible.
- “Selfie” ID. Also growing in popularity, this feature lets you snap a “selfie” photo to verify your identity before proceeding with financial and other data-sensitive transactions. Facial recognition technology — used by some apps and sites to identify people in digital photos — matches your “selfie” with a photo already stored in the site’s database. Technology combining facial recognition with other biometrics such as fingerprint ID and even the way users hold their phones will grow in sophistication and use.
- Automatic unlocking. Imagine opening your laptop and having it unlock automatically simply by detecting your phone’s proximity. Walk away with your phone, and the computer locks itself. Come back, and it unlocks again — without your having to type in a (possibly hackable) password.
A connected new world
Chances are greater than ever that many of you will adjust your thermostats using your phone in 2016, or keep an eye on your home via remote-access security cameras. You may have a refrigerator that alerts you when you run out of milk, or an app that lets you start your car remotely for a warm-up. Driverless cars almost certainly won’t become commonplace — yet — but your new vehicle should be able to talk to you, helping you to avoid traffic jams, perhaps, with alerts and alternate-route suggestions.
As many as 5.5 million additional objects will be connected to the Internet every day in 2016, one security firm predicts — an increase of 30 percent over 2015 connections. The new horizon in the coming year: the workplace. As connectivity extends into our offices and industrial plants, we can expect not only more efficient lighting and climate control but also safer work environments, with sensors detecting when equipment needs repair or replacing, for instance. And, with companies racing to develop technologies to support this connected new world, we should see major advances in data processing and visualization, communication, and, yes, security.
‘Islands’ of data
Data, data everywhere: The staggering proliferation of data should continue, especially as devices on the “Internet of Things” collect and disseminate it for private and public benefit. Properly analyzed, all this data could be incredibly useful. Why do women live longer in Japan than in any other country in the world? Gleaning information regarding eating and exercise habits in that country as well as incomes, environmental factors and more, could help the rest of the world to understand what the Japanese are doing right — and to adjust our own behaviors accordingly.
International privacy laws, however, will continue to limit our ability to share data across borders. Already more than 100 nations have adopted laws governing the transfer of citizens’ personal information. With the E.U. set to issue its Data Protection Regulation in early 2016 and governments, including the U.S., adopting or at least considering similar (but unique) laws, sharing could become more difficult.
Instead, discrete “data islands” may form, separated by a morass of laws and regulations. Not only are these restrictions making it harder for us to see the big picture, but they could also undermine the way we conduct international business. Firms with offices in multiple countries will have to work hard to keep abreast of laws and regulations in all the locales we serve — and we’ll need to put on our thinking caps to figure out how best to balance the needs for privacy and security while serving our customers and clients.
More CISO ‘boarding’ calls
The chief information security officer is coming of age. In the rush to protect their data — now among an organization’s most valuable assets — a number of major corporations added cybersecurity experts to their boards in 2015.
In the coming year, I think we’ll see many more organizations sprinting to add CISOs to their boards as they realize the risks data breaches pose to their brands and bottom lines. Savvy CISOs will take note, increasing their knowledge and understanding of business so that, when asked to move from the backroom to the boardroom, they’ll be ready.
A brightening ‘cyber poverty line’
As major security breaches continue to make the news, many organizations are realizing the importance of strong, effective, comprehensive cybersecurity — and reeling at its price.
Good cybersecurity doesn’t come cheaply — nor, with the demand for cybersecurity specialists outpacing the supply, will the price likely drop in the coming year. But can any organization afford to skimp? Data breaches are said to cost companies on average $3.8 million for each incident.
Investing in a strong digital security program could make the difference for many companies in 2016. In the competitive race, we could see loss of reputation, litigation, and recovery costs hamstringing the cybersecurity “have nots,” while the “haves” — strong, secure, and resilient — pull far ahead. In which group will your organization or agency be?
These trends and others foretell exciting advances in cybersecurity in the coming year, and a possible shift from reactive to proactive; from rigid to resilient. Which developments do you think will have the greatest impact in 2016? How will you stay ahead of the cybersecurity curve?
JR Reagan is the global chief information security officer of Deloitte. He also serves as professional faculty at Johns Hopkins, Cornell and Columbia universities. Follow him @IdeaXplorer.