As 2015 draws to a close and we look ahead to 2016, it’s that time of the year when we look into our crystal ball and try to prognosticate predictions for the next 12 months. Fortunately, Bromium has some big brains and our erudite co-founder/CTO Simon Crosby has been busy putting pen to paper to share his 2016 security predictions with Forbes.
Unfortunately in most respects, 2016 won’t change much: users will still click on malicious links; IT will still be bad at patching; the bad guys will still attack; and the tide of misery from breaches will continue. What matters most is whether your organization will be a victim or not. Of course you could do nothing, and be lucky. But the only way to control your fate is to lead your organization to high ground based on a well-considered, security-first strategy.
As co-founder and CTO of Bromium, a cybersecurity solution focused on endpoint threat isolation, I have spoken with hundreds upon hundreds of CSOs and CIOs who recognize that the cybersecurity industry continues to repeat the same mistakes. Unfortunately, even though these CSOs and CIOs recognize the shortcomings of the security industry, their organizations tend to hold them responsible when something goes wrong — not the vendor.
Crosby also had the opportunity to share his predictions with The VAR Guy, which noted:
Cloud computing will become more relevant than ever as people understand the importance of automation in preventing errors: With an increase in cloud automation, enterprises are bound to see less human errors as people are removed from the day-to-day task of monitoring information, according to Simon Crosby, the co-founder and CTO of Bromium. While some form of human interaction is still necessary for the proper operation of cloud systems, Crosby believes that the less hands are touching sensitive data, the less chances there are for major mistakes.
With the change in how infrastructure is managed there is bound to be a change in spending habits and practices among enterprises, according to Crosby. This will cause a great deal of disruption among legacy security vendors as their products and services will be forced to evolve to meet changing market demands. Many of these legacy security vendors are bound to push back against this new way of thinking, but Crosby believes change is inevitable – for consumers, the real solution for securing infrastructure will be to allow vendors to build security natively into their solutions, rather than relying on patches and after-market corrections to ensure data security.
“Companies need to get out of the business of trying to patch things themselves,” said Crosby. “They need to let vendors patch them.”
Simon’s sentiment resonates with my own, which I had the opportunity to share with IDG Connect:
The biggest security threat is the endpoint; you can’t patch users.