In 2015, mega-breaches worldwide illustrated that today's cybercriminals are skilled and sufficiently resourced to carry out highly successful attacks. Their efforts have turned cybercrime into big business, with private information being stolen on an epic scale.
So what's the outlook for breach prevention and detection in India in the new year?
"Enterprises are less prepared, less equipped to offer hackers an easier route to sneak into the systems," says J Prasanna, director and founder of Cyber Security and Privacy Foundation Pte. Ltd.
I asked a number of experts for their predictions for data breach and security trends in India for the year ahead. Here's a summary:
Expect More Attacks on the Cloud
"As organizations use the 'as a service' model, many of their most sensitive applications and data reside in the cloud," notes RSA President Amit Yoran.
Aggregation of this valuable data from many companies is an incredibly lucrative target for cybercriminals. It also creates a need for third-party risk mitigation techniques.
But Prasenjit Saha, CEO of infrastructure management services and security business at Happiest Minds Technologies Pvt. Ltd., tells me: "Lack of a standard, secure coding process in the application development life cycle is a challenge. Critical issues cannot be addressed. There's no coordination/skills available."
Developing a team that understands the application development life cycle process, security and design aspects is a challenge. Nevertheless, security challenges must be addressed at the design stage to combat new threats.
Biometrics Will Approach Tipping Point
The past two years saw the use of biometrics rise, says Tarun Kaura, director, solutions product management, APJ, at Symantec. This trend will continue, with major industry players implementing new capabilities - both with new sensors in devices and adoption of biometric authentication frameworks, including FIDO and Touch ID, Kaura tells me.
Biometric security will facilitate secure on-device storage of information, such as fingerprints, and interoperability between apps and systems, he predicts.
Will Indian enterprises adopt biometrics and reduce their dependence on passwords?
There will be some early adopters, predicts Rajesh Maurya, country manager-India and SAARC, at Fortinet. More organizations are investigating emerging technologies, he says.
Risks of Attacks to Critical Infrastructure Will Increase
Indian bureaucrats anticipate that as Prime Minister Modi's Digital India initiative progresses, attacks on critical infrastructure will increase.
Symantec's Kaura concurs that attacks on India's infrastructure will multiply, with nations and political organizations operating cyber warfare campaigns and criminals attacking for profit or ransom.
A persistent cyberattack on critical infrastructure could play havoc. The challenge is to find new ways to mitigate risks.
"Critical infrastructure and information is the board's responsibility - it must protect and secure these," says Sachin Burman, director at India's National Critical Information Infrastructure Protection Centre.
Cyber Insurance Demand Will Grow
Two key factors contribute to the rapid growth in adoption of cyber insurance: new regulations that obligate companies to respond to information breaches and the increase in cybercriminals using stolen information for payment fraud, identity theft and other crimes.
Symantec's Kaura says relying on IT defenses alone can create a false sense of security. That's why many companies will seek cyber insurance as another layer of protection.
During a recent roundtable I conducted on threat detection, a CISO of an insurance company said a customer had signed a $100 million policy that protected its reputation and operations if it experienced a breach.
Threat Intelligence Sharing Will Improve
Threat intelligence sharing is gaining impetus. And legislators may soon take steps to enable companies and governments to more easily share threat information.
The development of best practices will accelerate, metrics for success will emerge to quantify protection improvement and threat intelligence cooperatives between vendors will expand.
India will soon have an information sharing act establishing a process for the government to share information with businesses volunteering to be part of the program; similar legislation could prove important for protecting India's critical infrastructure.
How can we defend organizations against emerging threats?
For starters, experts recommend the use of two-factor identification as the norm. But L S Subramanian, founder of NISE, a cybersecurity consulting company, says, "You must be prepared, be on top of your security posture and invest in skilled cybersecurity professionals to protect your business."
Security practitioner Niti Sethi, director-operations, MetLife Global Operations Support Center Pvt Ltd, says cloud security needs must be kept in perspective as more critical applications run from the cloud and more firms outsource their IT services.
India's critical infrastructure, including energy, defense and transportation, must be secured.
A systematic approach must be taken to list the priorities of a risk mitigation plan for 2016 and beyond. That plan must include a combination of micro and macro efforts from vendors, security practitioners, government bodies, industry bodies, regulators and think tanks. An overall posture of information assurance, which affects every department and organization, will prove essential.
Agree or disagree? What's your perspective on the security outlook as we burst into this New Year?