Another List Of Top Security Predictions For 2016

Here are some best guesses about the evolution of security threats in 2016 from CSO.

IoT for ransom
The Internet of Things will become an ever more fertile attack surface for governments, mercenaries, hacktivists and even terrorists. Many IoT devices lack significant memory space or OS capability, so treating them like endpoint agents will fail.

Ransomware will gain ground on banking Trojans and extend into smart devices like coffee makers, refrigerators, baby monitors, cars, wearables and medical devices, often owned by wealthier and therefore more lucrative targets. Most wearables, which collect personal information, lack even basic security features.

This will increase the threat of a massive collision among connected cars; stolen personal information about users’ home electrical and water usage; and attackers locking medical devices until a ransom is paid.

Your card is safer. You aren’t
Card-Not-Present (CNP) fraud will grow from $10 billion in 2014 to more than $19 billion in 2018. The increasing adoption of EMV cards and digital wallet solutions, such as Apple Pay and Google Wallet, will reduce point-of-sale system fraud and counterfeit credit cards. Unfortunately, that will push more fraudsters online to monetize fake and stolen credit cards.

Extortapalooza
DOXing – public shaming and extortion attacks – which rose in 2015, will spike exponentially in 2016, as everyone from hacktivists to nation states embraces the strategic dumping of private pictures, information, customer lists, and code to shame their targets. It will go well beyond Charlie Sheen having to admit his HIV status – cyber criminals know they can use the data for extortion, which will lead to some websites being breached for the sole purpose of mass personalized extortion schemes.
 
At your criminal service
The profitability of cyber-attacks means sophisticated criminal gangs with modern organizational models and tools will replace common cyber criminals as the primary threat. That, in turn, will draw mercenaries to meet the demand for new malware and even entire operations. The latter gives rise to Access-as-a-Service, offering up access to already hacked targets to the highest bidder.

Ghosts of Internet Past
The structure of the Internet is aging – forgotten and deferred maintenance will become a major, increasingly expensive problem for defenders. Among the problems: Alexa 1000 certificates not up to date; old and broken JavaScript versions that invite compromise; rapid OS updates and new trends in software end-of-life processes that cause havoc; and new applications built on recycled code with old vulnerabilities (think Heartbleed and POODLE).

Malicious e-commerce goes social
Many traditional social networking sites such as Pinterest, Facebook and Twitter have announced plans to add “buy” buttons to their platforms in an effort to increase stickiness with their users and help monetize their user base. This will attract criminals looking to conduct fraudulent transactions on these platforms.

Passwords pass away
"No password" authentication methods will no longer be a pipe dream. Organizations will begin offering authentication methods that are a quicker and more seamless experience for users than passwords. They will include biometric, geolocation, Bluetooth proximity and pictographs.

The power of prediction
Prediction will emerge as the new Holy Grail of security. Prevention is passé, and even detection technologies will be supplanted by prediction, with machine learning becoming a key tool to help organizations anticipate where hackers will strike.

Cloud Wars
As more organizations store their most valuable data in the cloud (customer and employee data, intellectual property etc.), the bad guys will find a way to gain access to this data, using computation infrastructure, which allows them to hide easily behind legitimate network sources and thus remain anonymous.

Hackers will use credentials to cloud services as a major attack vector. Social engineering tactics will focus on mimicking cloud login screens to gain credentials.

Crime piggybacks politics
The US elections will drive significant themed attacks. Attackers will use the attention given to political campaigns, platforms and candidates, as an opportunity to tailor social engineering lures. Others will focus on hacktivism, targeting candidates and social media platforms.

Getting physical
2016 will witness the world’s first openly declared cyberwar, where the primary goals of the attackers – hacktivists, nation states or terrorists – are not financial but to cause physical damage in support of terrorist or geopolitical agendas. That will put infrastructure, priceless artifacts and more at risk. Transnational terrorist groups such as ISIS will attempt to attack a SCADA system or critical infrastructure with the goal of inflicting either economic damage or mass casualties.

Smaller won’t be safer
Hackers will no longer target just large organizations, as they can get equally valuable information in other places by running analytics on the data they are collecting and combining data to make it more valuable. That means smaller organizations are more likely targets.

Cybercrime goes even more global
Smaller, developing countries that weren’t big on cybercrime want in. It doesn’t take a big military to cause big damage. Some – like Nigeria – are already entering the fray with more sophisticated attacks. Conflicts throughout the world will bring with them hardware-connected attacks.

Divide and conquer the juncture
The appearance of a balkanized Internet, divided by countries, would make any region vulnerable to attacks on the service junctures that provide access across different boundaries. Such a landscape could lead to a black market for connectivity.

Get thee an MSSP
The failure of organizations and countries to build up cyber talent will become a huge problem. Demand for information security professionals is expected to grow by 53 percent through 2018. Because of this, security jobs will be filled by MSSPs, and the cost will not decrease.

CSO Online: http://bit.ly/1ZbYLeS
