A new year comes to an end, and it leaves us with several lessons learned in security. 2015 was a year for data breaches: U.S. federal agencies, dating sites, insurance companies, and other technology companies all fell victim to cyber-attacks.
These lessons will probably guide security efforts and trends for the year to come. Here are our top 5 predictions for the cyber security world in 2016.
2015 was the year when the Internet of Things (IoT) became one of the world’s fastest growing technology sectors, and simultaneously one of the fastest growing sources of security vulnerabilities for both consumers and enterprises.
In the rush to release devices, manufacturers did not give them considerable security measures. Devices were designed for convenience, but not engineered with security in mind.
As more and more devices become tied into the Internet, the insufficient security mechanisms will likely expand the security threats in this industry. Consumers are aware of this situation, but it won’t stop them from using IoT devices.
Through 2016, the growth of IoT devices will put pressure on manufacturers to implement the necessary security.
Moreover, as cars, personal wearable devices, and household appliances become interconnected, the security risk of IoT will only increase.
Mobile devices: app attack
Nowadays, the dependence of people on their smartphones and tablets is huge. These devices contain a lot of personal information due to the huge number of operations that they can perform. People access their bank account, make purchases, and pay bills.
We use these devices for everything and that makes them a target for cyber criminals.
> See also: Top 6 cyber security predictions for 2016
Today’s mobile apps collect a considerable amount of data, which means that their security must be taken into account to maintain the security of the devices they run on. The vulnerability of a simple mobile application could lead to the compromise of an entire company network.
In the next year, more companies will acknowledge this threat and take action to detect and fix potential security holes in networks and applications.
Remember that keeping your applications updated can help keep your devices and data secure.
The old criminal methods will continue to evolve to the virtual world. The past few years have seen an increase in reported cases of cyber extortion (while many remain unreported), according to the NYA Cyber Extortion Risk Report.
Extortion is any kind of payment demanded in exchange for not causing harm, or threatening to cause you harm. It includes Denial of Service (DoS), stealing confidential data, sexortion, and ransomware, a type of malicious software that infects a victim’s computer and encrypts its data and/or locks the computer until it is released by your payment.
In 2016, online threats will evolve to rely more on mastering the psychological side of the attack rather than the technical aspects of the operation. Attackers will continue to exploit people’s fear to coerce victims into paying, as it has proven to be effective in the past.
Reputation is essential, and threats that can ruin the reputation of an individual or – even more important – a business will prove to be effective and lucrative to cyber criminals.
Companies can protect themselves and their users against cyber extortion by developing a strong incident response capability to complement their traditional security measures. As prevention cannot be successful every time, being capable of detecting and responding to incidents faster will be crucial.
Machine Learning is the study of the construction algorithms that can learn from and make predictions from data. It has seen a lot of growth this year, especially in the many scenarios where it can be applied.
In the security arena, it is used for security analytics and anomaly detection to automate, making cyber security less dependent on humans. In this way, enterprises can detect and respond to threats even if they do not have skilled security analysts.
Through the use of machine learning it is possible to build tools that analyse data across multiple threat vectors, allowing for the development of predictive algorithms and a better understanding of the threats that enterprises are exposed to.
Nowadays, enterprises consider security as a competitive advantage. That’s why 2016 will see companies willing to invest in security, especially on a cybercrime prediction.
The question is, will the bad guys start using machine learning for their own purposes too?
Following the high rate of adoption of Cloud Services platforms, cyber criminals will increasingly focus on exploiting their customers and stealing valuable and confidential data. Cloud providers have implemented advanced technologies for data protection, network security, privacy, and authentication/authorization management.
Many of them have infrastructure capabilities that better block attacks and have better contingency plans and accelerated incident response. Most users trust in the security of the big cloud platforms, and providers will be pressured to maintain high levels of security because they will likely be one of the most important targets of cyber attackers.
> See also: The 2016 cyber security roadmap
One of the most important things we have to understand is that money is no longer the sole motivation for cyber criminals. Rather than hacking just for financial gain, in 2016 cybercriminals will sneak in to cause physical damage.
During 2015, most hacktivist groups have already demonstrated that they are motivated not by money, but by causes that they believe in. When money is no longer the motivator, infrastructures, data, reputation, and more are put at risk.
Enterprises will have to be more careful as the Internet of Things expands the attack surface. Any device that is connected to the Internet is prone to compromise. People will soon realise that their smartwatches or their connected home appliances can be used to infiltrate corporate and government networks.
2016 will also see cybercrime prediction, powered by machine learning techniques, as a priority of the cybersecurity industry to anticipate where hackers will attack next.
Enterprises will complement their prevention and failover strategies with detection technologies to get better visibility on their infrastructure. All of this will focus on maintaining one of their most important assets: their reputation.
Sourced from Diego Poza, Auth0