25 CISOs Identify the Biggest Security Challenges as They Enter 2016


As the year winds to a close, CISOs across industries assess the past year and plan for the security challenges they will face as they head into 2016.

Security Current heard from several key CISOs about what they think will be the most important issues in cybersecurity in 2016.

Read their insights here:


Joe Adornetto
Quest Diagnostics CISO
In 2015, three of the five largest data breaches were in healthcare. This latest evolution in the threat landscape places our industry in the crosshairs and as a healthcare provider we need to be prepared for an incident.

The ability to detect and manage an incident becomes a fundamental process as we focus on cybersecurity, particularly in areas of APT detection, communications, remedy & response, and threat intelligence.

Roota Almeida
Delta Dental of New Jersey Head of Information Security
The health care industry will continue to be a prime target for cyber criminals. No other single type of record contains so much Personally Identifiable Information (PII) that is often linked to financial and insurance information and can be used for various attacks. “Get ready for Medical Identity Fraud!”

Additionally, breaches in the past couple of years have wreaked havoc on many brands and reputations. Due to this, the board and the C-suite will have an appetite for offloading the risk to insurance providers. Cyber insurance will gain velocity and popularity in the coming year.



Bret Arsenault
Microsoft Corporation CISO

In the world of cybersecurity, each year brings new threats against our networks and devices, but also new opportunities and innovations to protect against malicious actors.

As we look ahead to 2016 and protecting against the next generation of cyberattacks, it will be critical for businesses and organizations to focus on improving their existing safeguards, rather than focusing only on the types of attacks themselves. Interestingly enough, the most effective preventative actions aren’t necessarily cost-prohibitive – like robust monitoring systems, proper employee training, and a strong identity lifecycle process.

Keeping a pulse on internal security measures is just as important as protecting from external threats. While the external threats keep evolving, we all need to be diligent about building a pervasive security culture, in which employees have the necessary awareness to practice smart cyber hygiene and to make safer online decisions.

Devon Bryan
ADP Vice President Global Technical Services (CISO)
With 2015 being appropriately dubbed as ‘the year of the mega breach’ and with the increasing sophistication and stealth with which miscreants have been launching their attacks, the predictions for 2016 are quite ominous.

Despite the increased penetration of EMV (Europay, MasterCard and Visa), I’m not anticipating significant declines in retailer financial crimes in 2016. I’d expect that in 2016 the overly hyped market predictions regarding cyber insurance adoptions would actually start materializing. I’d expect more dramatic transformation in the bloated end-point protection space with AV actually being replaced. I’d expect to see an explosion in the ransomware space and specifically DD4BC variants. I’d also expect to see dramatic developments in uber mobile malware. Based on the current tensions in global privacy I’d expect some significant developments in US – EU Privacy relations.

Paul Calatayud
Surescripts CISO
In 2015, data breaches became a new reality for all industries and sectors of the economy. Cybercriminals no longer focused on retail but crossed into healthcare and the monetization of that data. Looking forward to 2016, organizations are preparing themselves and focusing on achieving operational excellence.

No longer do companies feel immune to information security threats. Instead organizations should assume a breach could happen and prepare for the worst. As part of improving their operations, companies are working to reduce breach detection times drastically from the average 229 days, according to the 2014 Mandiant Threat Report.

In addition, healthcare companies are taking a page out of the ecommerce playbook and proactively looking for weaknesses beyond the front end and customer facing systems in order to make sure all digital doors are closed to threats.



James Carpenter
Texas Scottish Rite Hospital for Children CISO
In 2015, CISOs have been experiencing increasing pressure to not become delays for execution of business processes due to security policy. CISOs are business problem solution providers as much as they are protectors. Furthermore, the CISO of 2015 has been expected to be a business leader, IT leader, finance leader, and an excellent people influencer and navigator. This has helped the CISO of 2015 establish a workable security program that may even have included changing the applications the business has been using or the technologies used by the workforce.

Key takeaways:

  • CISO influence elevated across several business domains
  • CISO is a designer or co-designer of business solutions
  • No Delay – All elements of security programs are under scrutiny to ensure as much automation and reliability are in place

In 2016, increased investment in cloud / webscale / hyper convergence technologies will quicken the pace and reliability of IT deployments which will correspondingly force similar improvements in security to keep up. CISOs will need to begin or increase their adoption of cloud security software such as DRAAS and cloud authentication to keep up.

Cloud services such as Office 360, Azure, Amazon AWS, should be piloted in a controlled way to begin engaging the future if this hasn’t happened already. More than ever, users are expecting an organization’s applications to mimic the characteristics of apps on their phones – always work, always fast, easy to use. The CISO of 2016 will be a leader engaging these technologies and methods to bring the benefits realization of cloud into reality for their organization.

2016 Forecast:

  • Bigger Internet pipes with high reliability/failover
  • Rapid increase in cloud technology adoption
  • Limited staff increases – new staff valuable skillset will be strong in Devops/Cloud concepts
  • SkunkWorks – Expanded partnerships with non-IT business units to explore new technologies together with a shared expectation that sometimes things won’t work.




Credit: Security Current