by: Ben J. Carnevale
Cybersecurity continued to be a key area of concern and struggle among organizations of all sizes in 2015, and, to no one’s surprise, cybersecurity-related activities will most definitely affect many in 2016.
From its presence in the board room to political campaigns, cybersecurity-related activity will continue to dominate tech news and trends in 2016. Organization leaders and the IT teams they oversee should continue to dedicate time to better understanding cybersecurity risks and solutions in the year ahead.
With the cybersecurity landscape constantly evolving, security and preparedness requirements and protection solutions must remain constantly vigilant and ready to match, if not anticipate, the cyber-attacker’s next moves.
CyberSecurity Related Trends for 2016
With this in mind, our staff presents what it finds to be in store for cybersecurity-related trends and activities in 2016.
1. Internet of Things (IoT) to expand. The IoT space is being designed with convenience as the forethought, but regrettably engineered with security as an afterthought. Through 2016, the proliferation of IoT devices will put pressure on manufacturers to come to grips with the problems associated with IoT security.
The bottom line: If it isn’t secure, it shouldn’t be purchased—regardless of the connectivity or promise of user benefits. Furthermore, as cars, personal wearable devices, and household items become interconnected, the security risk inherent in the IoT is only compounded.
2. CyberSecurity Related Activities will become more approachable and user-friendly. Organizations need to struggle less in making sense of the excess of new monitoring, endpoint, and threat technologies. To secure buy-in and funding for new initiatives of containment in 2016, less-dense terminology and more approachable, user-friendly security software will encourage new investment from non-security IT staff, and will shift the perception of value in the market to support those investments.
3. Hacktivist and terrorist cyber-attacks will grow in impact and visibility. Ongoing 2016 conflict in the Middle East, Eastern Europe, and political tension worldwide over immigration, global warming, and socioeconomic inequality will create opportunities and targets for message-driven attacks against both the online presence and infrastructure of organizations and governments. Expect to see a groundswell of inconvenient and embarrassing disclosures, with some concentrated attempts to shut down systems or communication channels.
4. More Attacks through Apps. A vulnerability in a simple mobile application is increasingly likely to lead to the compromise of an entire company network. 2016 will see more companies recognize this threat and apply for a professional vulnerability assessment that identifies potential security holes in networks and applications—including patch levels, router configuration issues, and other potential problems such as user verification.
5. Privacy, at the expense of improved security and stability of threatened U.S. infrastructure, will dominate election-year cybersecurity discussions. In 2016, the focus will remain on the emotional issue of personal data privacy, and this emphasis will obscure the difficult discussions of investment and change needed to create an environment capable of ensuring privacy. Look for continuing finger-pointing in the wake of new attacks and breaches, but little in the way of proactive initiatives to address well-known and long-lived weaknesses in federal information technology systems.
6. Cyber-crime Beginning to Look More Like Organized Crime. Cybercriminals are employing tried and true “old” scams such as extortion and blackmail, but the illegal activities are now repurposed for the Internet. 2016 will see the continued popularization of DDoS attacks used as a method by which to attract attention and, in some cases, to distract from the real attack payload.
7. A rise in civil liability settlements over cybersecurity-related lawsuits will drive industries to define reasonable cybersecurity requirements. 2016 will be the year that financial liability will motivate industries to tackle establishing required – not recommended – best practices.
8. Smartphone Risk and Usage Will Continue to Grow. As more and more people do large amounts of their financial dealings on their smartphones, these devices will increasingly be targeted by identity thieves seeking to exploit vulnerabilities in the Android systems and Apple’s iOS. Hackers will also take advantage of smartphone users failing to use basic security precautions such as having a complex password for their smartphones or failing to install and continually update anti-virus and anti-malware software.
9. Security training and certification personnel will grow in number. With projected cybersecurity headcount deficits in 2016 numbering in the millions, organizations will continue to supplement their existing IT staff with security-trained personnel, but will look to do so at a much lower cost than that required by today’s CISSPs (Certified Information Systems Security Professionals) and established security analysts.
10. Healthcare Industry Will Grow as a Target for Data Breaches. The health care industry will remain the largest segment of the economy to be victimized by data breaches both because, as an industry, it does not provide sufficient data security and because the sale of medical insurance information on the black market is more lucrative than selling stolen credit and debit card information. Medical identity theft is not only the most costly for its individual victims to recover from, but also presents a potentially deadly threat when the identity thief’s medical information becomes intermingled with the medical identity theft victim’s medical records.
Steve Weisman is a lawyer, a professor at Bentley University and one of the country’s leading experts in scams and identity theft. Our staff recommends following his research, findings and writings on this timely topic.
As Steve Weisman states, “The threat of scams and identity theft is not as bad as you think. It is far worse and getting more serious every day. Modern technology has been a boon to mankind, but it has even been a bigger boon to scam artists and identity thieves who are able to use the latest technology to scam you and steal your identity from your cell phone and every other mobile device. Technology may be a part of the problem, but it is also part of the solution. But, the biggest solution is knowledge and skepticism.”
If you find a need to pursue this timely risk management topic, please visit Weisman’s blog at scamicide.com, where he provides daily updates about the latest scams. His new book is “Identity Theft Alert: 10 Rules You Must Follow to Protect Yourself from America’s #1 Crime”.