2016 IT Security Predictions
Blog
Thought Leadership
2016 IT Security Predictions
Kristy McDaniel Baia
Recently, we sat down with our security analyst team and asked them about their top security concerns. While they see many threats throughout the year, below are their top ten threat predictions for 2016.
Cloud storage will make documents easier to access for consumers—and black hats.
The use of Dropbox, OneDrive, Box, Google Drive and other cloud storage services by individuals and organizations to access documents in multiple locations means that cybercriminals need to only infect one device to get access to a whole trove data.
Chip card technology will make POS credit card fraud more difficult for criminals, which will inspire them to develop malware that can compromise chip card technology.
With the new technology, it should hopefully become more difficult for cyber thieves to simply steal and utilize magnetic stripe account information. We instead anticipate it forcing them to begin creating and opening new accounts in their victims’ names and identities (Identity Theft). However, while they are forced to revert to their old ways, you can be assured that the cyber criminals are racing to create malware that can compromise chip technology.
The increasing use of wearable technology will begin to be examined a little deeper as people begin to wonder about where all of the data that they’re processing is ending up.
With the ever-expanding marketplace of health and fitness apps coupled with wearable devices that are monitoring our every move, heartbeat, and location, compromised security or even just poor privacy settings can contribute to this personal data being leaked. We can expect to see a lot of this data being used in target marketing, which although not illegal, puts this information in more datacenters, and consequently, gives cybercriminals more opportunities to steal it.
Acts of cyber aggression will continue between many nation states including the U.S. and China, as well as remain a tool of warring nations.
We may not be privy to the majority of these attacks against infrastructure or corporate espionage between our collective countries, but evidence suggests that the Internet has become an important tool in every aspect of our lives including war and politics. With the alleged North Korea hacks on Sony, we can expect this “boots at home” tactic to remain in the playbook, whether it be reconnaissance or even the disabling of infrastructures and communications.
Mobile Payment Systems work aggressively to make digital payments through services such as ApplePay, Google Wallet and CurrentC much more secure.
Vendors have been trying hard to change the way we make transactions with virtual wallets in our mobile devices. Its early adoption has left a bit to be desired thanks to security issues and concerns. However, these early flaws and the attack on the CurrentC payment system have also contributed to stricter security standards by mobile payment systems, with some having the option for a touch ID (aka thumbprint). We can expect vendors to continue to bolster their mobile payment security, while cybercriminals work hard to hack it.
Tried and true malware techniques will continue to evolve.
As organizations and individuals begin to exercise proper backup procedures and implement IT security plans, there will be fewer vulnerable targets for the criminals. However, this will force the cybercriminals to develop savvier malware and social engineering ploys, such as those utilized in ransomware, to terrorize businesses.
The bevy of breaches that occurred during 2015 and the abundance of credit card and other personal information obtained from them will lead to an increase in spear-phishing and other more targeted attacks.
Coupled with information gleaned from social media, so much private personal information exists on the cyber underground thanks to all of the data breaches now that criminals can assemble very specific personal profiles of their targets. We expect this information will be used for highly targeted attacks, like spear phishing, or in an effort to defeat new card technologies.
The TOR network and P2P networks will see a rise in use by botnets and benign services as well.
More sophisticated malware will continue to defeat detection by hiding in common services and using non-traditional forms of communication such as TOR or Peer to Peer. Adversely, Facebook’s new experimental move into the TOR network may inspire other reputable services to want to provide anonymous access thereby enticing new users who may have been unwilling to try them beforehand.
Unexposed vulnerabilities in widely used platforms and protocols will continue to be a goal for attackers.
The past few years showed us some major issues with secure communication like that in SSL as leveraged by Heartbleed and a long time bug in Bash with Shellshock. The discovery of vulnerabilities such as these will continue to be a major goal for attackers and defenders alike.
The ever-growing increase in mobility could spell trouble for BYOD policies.
Businesses that have adopted BYOD policies, but have very loose or even no IT security policies regarding them, may be in trouble as personal devices and work comingle. This could create a sharp increase in lost or compromised data collected from these devices if employees are not naturally scrupulous when it comes to their personal data protection.
While there is no one “silver bullet” that can protect you from a cyberattack, our security analyst team has offered some quick tips to keep you secure.
Always back up your files. Whether it’s malware like ransomware, or even just a simple hard drive failure by your dinosaur of a computer, your life will be much easier if you opt to back up your files. In the event of a ransomware infection, your options would be A) pay the ransom and support criminal activities, B) don’t pay the ransom and lose your files forever, C) do neither, because you have a copy of your files. It’s easy-peasy. Schedule regular software and hardware updates. Hardware and software updates often contain patches to security holes that can let in malware onto your network. Unless you want your network to turn into a zombie army of botnet computers, force the computers on your organization’s network to update frequently, and limit how many times an employee can select “update later.” On that note, when available, opt for cloud-based security solutions that update automatically, without any downtime. With cloud-based security with no downtime and automatic updates, you don’t have to worry about your employees skipping important security patches. Adopt layered, redundant IT security solutions to protect your organization’s network. If the bad guys’ malware-laced .zip attachment labeled “funny cat gif” never makes it into your intern’s inbox, he can’t open it and inadvertently infect your network. Likewise, if you have Web protection, you won’t have to worry about him downloading malware when he’s surfing the Web.