To ring in the New Year securely, Coalfire has released its top five cybersecurity predictions for 2014. Rick Dakin, the company’s chief security strategist, conducted an analysis of more than 1,000 audits and forensics investigations from this past year.

“We are certainly going to have more cyber security challenges ahead, but many enterprises are not yet prepared to either identify or respond to the emerging risks,” said Dakin in a statement.

1. There will be a significant security breach at a cloud service provider.

Next year, business owners should recognize the increased necessity of evaluating risk within third-party cloud service provider (CSP) systems and in provider relationships to protect trade secrets and intellectual property.

2. The migration from compliance to IT risk management will accelerate.

Although the supply chain will incorporate new solutions that will introduce new risks, the maturity of cyber security within most large corporations will continue to accelerate. So, risk and compliance management firms must better align to the business needs of their clients.

3. New threats will change security programs from static to proactive monitoring.

In 2014, there will be many virulent types of attacks. The damage from those targeted attacks will be serious enough to drive migration from static border protection and access control-based security programs to dynamic programs that analyze new threats daily and push forward upgrades.

4. There will be an increase in malware for Android phones and iPhones.

Today, there is no adequate security to protect users from the threats that are known. Plus, there is a lack of awareness among consumers about the risk potential for malware. In fact, a recent study found that 80 percent of smartphones are unprotected from malware. Threats will undoubtedly continue to increase in the New Year.

5. Data breaches in healthcare caused by Business Associates will increase.

The Omnibus Rule required that all BAs be Health Insurance Portability Protection Act compliant by Sept. 23, 2013, yet many BAs don’t even know they are a BA, or that they are now liable for data breaches caused by the mishandling of electronic protected health information (ePHI). Many BAs are simply ignoring the requirements, which will lead to multiple data breaches in 2014.

