Experts Make 2016 Cybersecurity Predictions

Uploaded on 2016-01-13 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In 2015, more than 178 million records on Americans were exposed in cyberattacks, according to the Identity Theft Research Center. The worst of them included the breach of the Office of Personnel Management, which exposed the personal information of 21.5 million people.

Even kids weren't safe. When electronic toymaker VTech was hacked in early December, 6.4 million children's profiles were compromised. Many experts don't believe 2016 will be any better. So what should the public be worried about in the coming year?

Everything from smart fridges to connected Barbies to the Apple Watch found their way into American homes in 2015. That trend should continue in 2016 — something hackers will probably exploit, according to several experts.

"A new frontier of data breach issues is on the horizon," Lane Thames, a security researcher for Tripwire, told NBC News. "It is a result of the growing number of devices that belong to the Internet of Things, a.k.a. the IoT."

While the emergence of new smart products might be exciting, Thames said, "very few of these devices are designed and developed with cybersecurity and data privacy in mind. Often, a skilled hacker can break into a new IoT device within a matter of days, if not hours."

Someone hacking into a car or home appliance is scary enough. But the Internet of Things is becoming a vital part of U.S. hospitals, a problem because the healthcare industry already faces 340 percent more cyberattacks than the average industry, according to a report from Raytheon and Websense Security Labs.

Fear of "false positives and delays" for patients means that 75 percent of hospital network traffic goes unmonitored, the report said, putting connected devices with access to sensitive patient information at risk.

Security firm Trend Micro dubbed 2016 the "year of online extortion." Ransomware infects a computer, and then threatens to lock a user out forever or delete data if the user doesn't pay up.

There will be more of that, Trend Micro said in a recent report. But in the wake of the Ashley Madison hack, where members were outed as possible philanderers, the blackmail could be even worse.

"Cyber extortionists will devise new ways to target its victim's psyche to make each attack personal," predicted Trend Micro.

"Reputation is everything, and threats that can ruin an individual's or a business' reputation will prove to be effective and — more importantly — lucrative."

Even more terrifying, the threat of ransomware and the growing Internet of Things could converge, according to Kaspersky Lab, "begging the question, how much would you be willing to pay to regain access to your TV programming? Your fridge? Your car?"

Greed isn't the only thing motivating hackers. In 2015, Anonymous went after ISIS and the Ku Klux Klan.

"Organizations need to realize that financial gain is no longer the only or even the biggest driver of some of their adversaries," Amit Yoran, president of security firm RSA, told NBC News in an email.

While Anonymous might grab the headlines, lone hackers with muddled motivations will be the bigger threat in 2016, predicted McAfee Labs in a recently published report. The people who hacked Ashley Madison and VTech both claimed they were simply exposing poor security practices. Over the next year, McAfee Labs says to expect "attacks that appear to be inspired by hacktivism but actually have very different, hard-to-determine motives."

Hackers don't need advanced skills or lots of money to cause chaos these days, the McAfee Labs report said, calling modern hacktivism "nothing more than a case of copy and paste." That means any kid with an ax to grind and moderate computer skills could take up the mantle of "hacktivism" and cause the next big security breach.

There is no shortage of private security firms and experts promising to prevent cyberattacks. But 2016 could be the year Uncle Sam takes a stand against hackers — for better or for worse.

"As international cyber threats increase and cyber warfare tactics are increasingly used by America's high profile enemies, ISIS, North Korea, Iran, the pressure to do something at the federal level will provide politicians an attractive issue in an election year," Jeff Hill, channel marketing manager for STEALTHbits Technologies, told NBC News.

Expect new legislation meant to protect sensitive information, Hill said, as well as the possibility that President Barack Obama could appoint something like a "cyber security czar to coordinate efforts to combat national security and corporate espionage-driven attacks."

Not only will the government feel pressure to prevent attacks, it will also need to find ways to help the millions of victims of security breaches — some of whom never learn that their information was exposed.

"With breaches on the rise at all levels from government to the private sector we will see a push for more legislation dealing with reporting and protections," Lamar Bailey, research director for Tripwire's vulnerability and exposures research team, told NBC News.

After as many as 80 million records were compromised in the Anthem breach, the insurer offered free credit monitoring to catch fraud. That isn't enough, Bailey said.

"Credit monitoring is not sufficient for protecting victims of a breach — it is like putting a Band-Aid on a bullet wound," Bailey told NBC News, predicting that the government could require more from hacked companies in 2016.

In the past, many assumed that Apple products were safer from cyberattacks than Windows and Android products. But as Apple's popularity grows — it currently owns 13.5 percent and 7.5 percent of the smartphone and PC markets, respectively, according to market research firm IDC — so too could the company's visibility as a target.

"A rising number of threat actors have begun developing specific malware designed to infect devices running Mac OS X or iOS," wrote Symantec on its website, noting that "Apple-related malware infections" have spiked in the last 18 months.

"Should Apple's popularity continue to grow, it seems likely that these trends will continue in 2016," said Symantec. "Apple users should not be complacent about security and change their perception that Apple devices are 'free from malware.'"
As always, there are steps that people can take to protect themselves, from always updating their software to coming up with a nearly unbreakable password (don't worry, there is an 11-year-old girl who can help you with that).

In 2016, IDC expects that more than 3.2 billion people will have access to the Internet. That is a lot of potential hackers and targets, so don't expect the number of security breaches to come down anytime soon.

NBC: http://nbcnews.to/1Ss9VKD

 

« Cyberwar Represents An Existential Threat
Predictive Analytics Tools Confront Insider Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Wilson Sonsini Goodrich & Rosati (WSGR)

Wilson Sonsini Goodrich & Rosati (WSGR)

WSGR is the premier provider of legal services to technology, life sciences, and growth enterprises worldwide. Practice areas include cybersecurity and data protection.

Intrusion

Intrusion

Intrusion provides IT professionals with the most robust tool set available for performing in-depth research and analysis of network traffic.

Government Communications Security Bureau (GCSB)

Government Communications Security Bureau (GCSB)

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

Trusona

Trusona

Trusona is a pioneer and leader in passwordless two-factor authentication (2FA).

Evanston Technology Partners (ETP)

Evanston Technology Partners (ETP)

ETP provides services and solutions to enable and transform businesses in the areas of cybersecurity, data protection, and efficient operations practices.

CloudBolt Software

CloudBolt Software

CloudBolt provide solutions for your toughest cloud challenges. From automation, to cost and security, and hybrid IT governance — we have you covered.

Speedinvest

Speedinvest

Speedinvest is one of Europe’s most active early-stage investors with a focus on Deep Tech, Fintech, Industrial Tech, Network Effects, and Digital Health.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

Appurity

Appurity

Appurity specialises in mobile and application security, delivering comprehensive solutions across all verticals.

Kriptos

Kriptos

Kriptos helps businesses improve their cybersecurity, risk, and compliance strategies by locating critical information through a technology that automatically classifies and labels documents using AI.

Tuta

Tuta

Tuta (formerly Tutanota) is an all-in-one email, calendar and contacts app which protects your data with full end-to-end encryption and it requires zero personal information.

Technivorus Technology

Technivorus Technology

Technivorus is a deep-tech firm delivering customized Cybersecurity, Digital Marketing, Web & App Development, and multifarious IT services for businesses across the globe.

Cloudflare

Cloudflare

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

Cyber Brain Academy

Cyber Brain Academy

At Cyber Brain Academy, our mission is to provide high-quality IT certification training for the cyber security workforce.