Attacks against the cloud, using the cloud for command and control of malware attacks, and securing endpoints are posing big worries for all industries, says Brian Kenyon of Blue Coat Systems.

Identity management is going to be a big issue in 2016, and emerging authentication tools, such as biometrics, could very well gain a more significant foothold, although not without posing new risks, says Steve Martino, CISO at Cisco Systems.

The "industrialization" of cybercrime, remote-access attacks and mobile-banking application and online-browser overlay attacks are trends the financial industry should monitor this year, says George Tubin of IBM Security Trusteer.

Too many companies that provide cybersecurity solutions are failing to focus on helping organizations control risk at a reasonable cost, argues Malcolm Harkins, CISO at Cylance.

Debit fraud losses in Canada hit an all-time low in 2015, mainly because of the nearly complete migration to EMV and real-time settlement of debit payments, says Mark Sullivan, who heads fraud management for Interac, Canada's payment network. He offers important lessons for the U.S.

The Department of Homeland security sees malware provenance - which identifies the attributes of malicious codes - as a way to complement its signature-based Einstein intrusion detection and prevention systems to find malware that infects IT systems.

Cybersecurity competitions are being adapted so employers can use them to vet the know-how of prospective employees, U.S. Cyber Challenge National Director Karen Evans says.

It used to be that security was the one big barrier to organizations embracing the cloud. But Troy Kitch of Oracle says that not only is that barrier coming down, but now leaders are seeing cloud as a security enabler.

The PCI Security Standards Council will soon release an update to its PCI Data Security Standard, requiring the use of multifactor authentication for administrators who have access to card data networks. In an interview, the council's Troy Leach explains the new requirements and compliance expectations.

Automobiles have crash ratings. Do they need ratings for cybersecurity, too? In this interview, security expert Jacob Olcott of BitSight Technologies previews a session he'll moderate at the RSA Conference 2016 that will address this question.