"Don't confuse this with phones," Durbin says. "Mobility is more than that. The smartphone is just one component of mobility."
He notes that an increasing number of workers are, just like him, constantly mobile.
"We don't have offices, as such," he says. "The last time I checked in it was a hotel. Today it's somebody else's office environment. How do I really know that it is 'Steve' coming in to this particular system? I might know that it's Steve's device, or what I believe to be Steve's device, but how do I know that it's Steve on the other end of that device?"
Organizations should be prepared to embrace the increasingly complex IoT and understand what it means for them, Durbin says. Chief Information Security Officers (CISOs) should be proactive in preparing the organization for the inevitable by ensuring that apps developed in-house follow the testing steps in a recognized systems development lifecycle approach. They should also be managing user devices in line with existing asset management policies and processes, incorporating user devices into existing standards for access management and promoting education and awareness of BYOD risk in innovative ways.
4. Cybercrime causes the perfect threat storm
Cybercrime topped the list of threats in 2015, and it's not going away in 2016, Durbin says. Cybercrime, along with an increase in hacktivism, the surge in the cost of compliance to deal with the uptick in regulatory requirements and the relentless advances in technology against a backdrop of underinvestment in security departments, can all combine to cause the perfect threat storm. Organizations that adopt a risk management approach to identify what the business relies on most will be well placed to quantify the business case to invest in resilience.
Cyberspace is an increasingly attractive hunting ground for criminals, activists and terrorists motivated to make money, cause disruption or even bring down corporations and governments through online attacks. Organizations must be prepared for the unpredictable so they have the resilience to withstand unforeseen, high impact events.
"I see an increasing maturity and development of the cybercrime gangs," Durbin says. "They're incredibly sophisticated and well-coordinated. We're seeing an increase in crime as a service. This increasing sophistication is going to cause real challenges for organizations. We're really moving into an area where you can't predict how a cybercriminal is going to come after you. From an organizational standpoint, how do you defend against that?
Part of the problem is that many organizations are still focusing on defending the perimeter in an era when insiders — whether malicious or simply ignorant of proper security practices — make that perimeter increasingly permeable.