IT disaster recovery, cloud computing and information security news

Daisy

The 2016 cybersecurity threat landscape

2015 can be summarized as the year of the data breach, but what nefarious cyber-acts will define 2016? Experts from the newly combined Raytheon|Websense have shared their security predictions for the coming year:

The US elections cycle will drive significant themed attacks

Attackers will use the attention given to political campaigns, platforms and candidates, as an opportunity to tailor social engineering lures. Others will focus on hacktivism, targeting candidates and social media platforms. In addition to the obvious social engineering of threats around the political campaigns, platforms and candidates, the tools and infrastructure of those involved with the political process will be targeted (i.e. candidates, news sites, support groups).  Hacktivists may reveal unwelcomed personal details or use compromised accounts to spread false information appearing to come from the candidate.  Security lapses and gaps in defenses will prove costly for those who are not diligent during this time.

Mobile wallets and new payment technologies will introduce additional opportunities for credit card theft and fraud

Hacks targeting mobile devices and new payment methodologies will impact payment security more than EMV. The increase in non-traditional payment methods on mobile devices or via beacons and smart carts will open up the doors for a new wave of retail data breaches.

Forgotten maintenance of the Internet will become a major problem for defenders as costs rise, manageability falls and manpower is limited

Like barnacles on a boat, the cost of security maintenance will begin to grow and create massive problems with the Internet and security practices. A surprising number of the most popular websites on the Internet are not as secure as they should be with respect to certificates. Additional problems include: old and broken Javascript versions that invite compromise; rapid OS updates and new trends in software end-of-life processes that cause havoc; and new applications built on recycled code with old vulnerabilities. All of these ghosts of Internet past will come back to haunt in 2016.

The addition of the gTLD system will provide new opportunities for attackers

The number of gTLDs as of November 2015 exceeds 700 domains, and about 1,900 more are in the waiting list. As new top-line domains emerge, they will be rapidly colonized by attackers well before legitimate users. Taking advantage of domain confusion, criminals and nation-state attackers will create highly effective social engineering lures to steer unsuspecting users toward malware and data theft.

Cybersecurity insurers will create a more definitive actuarial model of risk – changing how security is defined and implemented

Insurance companies will mature their offerings with qualifications, exceptions and exemptions allowing them to refuse payment for breaches caused by ineffective security practices, while premiums and payouts will become more aligned with underlying security postures and better models of the cost of an actual breach. Further, insurance companies will greatly affect security programs, as requirements for insurance become as significant as many regulatory requirements (PCI, HIPAA, ISO 27001).

The Internet Of Things  (IOT) will help (and hurt) us all

The boundaries between corporate and personal devices have become blurrier, causing increasing friction and security challenges affecting critical infrastructure. Industries that utilize a large number of connected devices and networked systems in the course of their everyday business, such as healthcare, are likely to face a wider range of security vulnerabilities and threats.

DTP adoption will dramatically increase in more mainstream companies

As a result of the very public breaches of 2015, predicted changes in cyber insurance, increased visibility in the boardroom for all things cyber and continued worries about data loss, there will be a more aggressive adoption of data theft prevention strategies outside of its traditional financial services installation base. The prevailing assumption among security teams will become ‘we are already compromised’ to help them strengthen their ability to deal with the inevitable.

Societal views of privacy will evolve, with great impact to defenders

Increasing frequency of data breaches, such as the many seen in 2015, are changing the way we think about personally identifiable information (PII). Further breaches and loss of PII will drive major shifts in the way in which privacy is perceived. Just as the last decade saw the introduction of ‘the right to be forgotten,’ anticipate that within the next decade similar large shifts in privacy rights and expectations will emerge.

More details.


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.