2015 has been a busy year for hackers, in fact, it has been said to be the most successful year so far for hackers around the world. They've managed to hack into everything from the Ashley Madison database to the CIA Director's AOL account, from companies like Snapchat to Starbucks and Target. As we step into the new year, many security experts are making their cyber security predictions.
Most experts believe 2016 won't be any better. As we head into 2016, I think there’s good reason to go back and observe the several shifts that took place in the tactics used in the recent attacks. Thinking like a hacker is one of the first steps to try and understand the security landscape. This is the first step towards planning mobile security strategies for the year to come.
Here's our cyber security predictions for 2016:
More Attacks on Apps, and People Behind Apps
It is now evident, thanks to the emergence of Wirelurker and Masque attacks on iOS, that app threats are no longer exclusive to Android. Organizations have started to realize this and have been on high alert. The year 2016 will see businesses embrace App Reputation Services and Mobile Security solutions to go beyond identifying OS compromise to spot malicious and risky apps.
When taking a look at some of the attacks employed against mobile devices – such as recent iOS attacks like XcodeGhost and WireLurker – what’s interesting is that the techniques were far more nuanced than they might appear. Instead of just developing a piece of malware, the people behind these attacks customized the delivery system that would get the malware onto the mobile device.
In fact, both attacks were capable of inserting malware into non-jailbroken phones. Attackers are capable of inserting themselves into interfaces that are used by mobile devices, thus creating new threat vectors.
In 2016, businesses now cannot rely on one method of protection. A blended effort is needed that helps protect endpoints, network, mobile devices and mobile apps.
Internet of Hackable Things
2015 has been an eventful year for IOT devices. We've seen the birth of everything smart starting from watches and fridges to barbies and cars! This trend has just started and is here to stay. 2016 will not only see a growth in the number of these devices launched but will also see more devices find a place in people's homes.
As the number of adopters continues to grow, IOT devices will become a new frontier of attacks for hackers. It is true that most of these smart products are truly exciting and will make lives easier but the fact is that very few of these devices are designed and developed with cyber security and data privacy in mind.
For hackers, these new smart devices provide new attack vectors that are usually not hardened and thus easier to initiate a breach.
Rise of Ransomware
Security firm Trend Micro dubbed 2016 the "year of online extortion." Ransomware infects a computer, and then threatens to lock a user out forever or delete data if the user doesn't pay up.
Ransomware will remain a major and rapidly growing threat in 2016. With upcoming new variants and the success of the “ransomware-as-a-service” business model, it is predicted that the rise of ransomware that started in the third quarter of 2014 will continue in 2016.
Attacks will get more personal as cyber extortionists will devise new ways to target victims. This is all about reputation. Individuals and businesses that have built some amount of reputation will be victims of ransomware. 2016 will see a focus on industry sectors like finance and government where stakes are too high and people have the ability to pay a ransom. End of the day, we need to ask ourselves, how much or till how long can you pay?
Rise of Hacktivism
The concept of hacktivism is not new. Driven by a clearly defined political or social point to make, a very skilled hacktivist group attacks a well-known entity and uses that platform to make its point. Anonymous is probably the best-known hacktivist group, but there are many others.
It is possible that these actions and others like them are the work of chaotic actors—those who just want to see things burn. If that is true, then we may be entering a world of vandalism at an industrial scale. It is also possible that the actual motivations are classic corporate cybercrime that is simply using hacktivism as a mask. Or, they could be a “false flag” operations, as Anonymous claimed in the Canadian attack. Whatever the true motivations for these attacks, the reality is that victim organizations will suffer significant major financial losses.
Healthcare Technology Advancement will Open Up New Attack Vectors
Someone hacking into a car or home appliance is scary enough. But the Internet of Things is becoming a vital part of modern hospitals, a problem because the healthcare industry already faces 340 percent more cyber attacks than the average industry, according to a report from Raytheon and Websense Security Labs.
2015 was a rough year for the healthcare industry – more than 112 million healthcare records were breached, according to the HHS breach portal. That’s nine times (9x) higher than 2014.
In 2016, we will continue to see an increased number of targeted cyberattacks, resulting in major breaches in the healthcare industry. The healthcare providers who will be least impacted are those who:
- Conduct regular end-user security training to reduce successful phishing.
- Enforce a robust threat and vulnerability management program to identify risks.
- Deploy an advanced integrated security architecture to prevent cyberattacks on the network, on the endpoint, and in the cloud.
Growth in Mobile Payments will Lead to More Cyber Threats
Pretty soon people will think that the old ways to pay were easy and simple. All you had to do to shop is have enough cash in your wallet. Today, with so many payment methods available, it is rather confusing - from Bitcoins, ApplePay, digital wallets, credit cards, and debit cards, to online payment services and more.
There has always been a significant security focus on vulnerabilities associated with credit and debit card transactions. This makes sense as they account for the most number of transactions. However, with the growth in alternate payment methods, the number of attack surfaces have multiplied, giving cyber thieves many, many targets from which to choose.
Today, attacks are targeted more towards consumers because they are both the source of the credentials as well as the weakest link in the payment chain. Our prediction is that 2016 will see many more cases where cybercriminals will lead attacks that result in theft and sale of credentials. The number of such attacks will also only grow.
Governments Will Take Action, Better Cyber Security Legislation to Come
Clearly there is no dearth of private security firms and experts who promise to prevent cyber attacks. In fact, it is because of them that many attacks are in control. As private players continue to grow and evolve, 2016 could be the year where many governments step up their action against cyber crimes. As attacks get more severe, sometimes leading to cyber warefare like in the case with ISI, North Korea, Iran, etc., the pressure to do something at the federal level is unavoidable.
We expect new legislations to be brought about in many countries across the world to increase national and global security against cyber criminals. The day is not far when governments will not only feel the pressure to prevent attacks but will also need to find ways to help the millions of victims of security breaches.
Boosting security efficiency and effectiveness will be a key imperative during the next five years. It is estimated that around 200 billion devices will need protection by 2020. At the same time the number and required skill level of security professionals is increasing while the availability of those people and skills is way below market demand.
Wearables, gadgets, sensors, and other things on the Internet are creating new connections and exposing new vulnerabilities. Every new product that connects to the Internet faces the full force of today’s threats, and we have a long way to go to keep up with the speed and complexity of attacks.