Gazing Into the Crystal Ball: Predicting 2016 Security Concerns
DECEMBER 7, 2015 • Blog Post • By Sue Poremba, HPE Matter Contributor
IN THIS ARTICLE
- Security breaches are increasing in frequency and in the amount of data that is compromised each year—a trend that is expected to continue into 2016
- Security experts predict that mobile devices and higher education will face more threats this year
HPE Matter asked three cybersecurity experts what they see for the coming year
2014 is popularly known as the “year of the breach,” and while 2015 doesn’t yet appear to have a label, Mark Painter, security evangelist with Hewlett Packard Enterprise, believes that we are in the midst of the “age of the hack.”
“We keep seeing these spectacularly successful attacks,” Painter says, noting that attacks are coming in greater numbers than anyone was able to foresee. “For 2015, I predicted that there would be 30,000 medical records exposed per day due to data breaches, and that number was blown out of the water by February.”
In this “age of the hack,” security breaches and other threats are increasing in frequency and in the amount of data compromised each year, and Painter expects that trend to continue into 2016.
“It will get worse,” he says. “We haven’t hit rock bottom yet.”
There are a few constants, such as the focus on medical and financial records, which provide cyber criminals with a wealth of information. What changes from year to year, however, are the types of attacks and the targeted endpoints. Read on to find out the top security predictions for 2016.
1. Mobile attacks
In 2015, we saw an increase in mobile application vulnerabilities, most of which were more annoying than dangerous. Painter expects to continue seeing mobile application vulnerabilities in 2016, but predicts that mobile phone attacks will grow not only in number, but also in criticality. These are the types of attacks that could take down an entire server.
Robert Twitchell, founder and CEO of Dispersive Technologies and Department of Defense Cyber and Mobile Warfare expert, agrees that mobile will be a focal point for cybersecurity incidents in the coming year, and he believes that mobile threats will be the top security concern in 2016. Twitchell predicts that we’ll see more DDoS attacks targeted specifically at mobile applications and that hackers will take greater advantage of weak operating systems (and that includes iOS, he says). Hackers will also prey on human mistakes.
“Mobile phones are expected to support more and more complicated applications, leaving possible gaps in functionality that can be exploited,” Twitchell says. “The smaller screens make it easier for fraud/hackers to create screens that look genuine and trick people into signing in and giving up information.”
2. Higher education
While we can expect to see mobile threats expand and morph into new areas next year, there will be some newer landscapes that will be exploited in the near future. In 2015, we saw universities become targets, falling victim to intellectual property theft. According to Painter, we will likely see cyber criminals take advantage of the fragmented IT infrastructure of higher learning institutions to gather a myriad of data.
Along with data collection, Painter says to be on the lookout for more blackmail attempts. This isn’t just information worth something on the black market; this is information that has great value to the owner, whether it is top-secret defense projects or personal information on an incriminating website. After the Ashley Madison breach, we saw how hackers will use compromised records as a form of blackmail, and that is only the beginning. Expect it to get worse as the stakes of hacked data get higher.
4. Long-term information gathering
Finally, 2016 may be the year that we see a greater threat of cyberwar-style tactics.
“In this cyber war, bad actors exploit perimeter security within minutes, but spend many months in ‘command and control’ mode, moving between machines to locate sensitive data,” says Paul Shomo, senior technical manager with Guidance Software. “Thus, malware designed primarily for long term command and control, such as Remote Access Trojans, will continue to be the black hat workhorse our industry battles within its walls.”
The predictions aren’t all dire. The good news is that organizations are getting a lot better at instituting security measures and are taking cybersecurity more seriously than ever before. Unfortunately, the bad news is that some hackers are staying a step ahead of these security measures. It looks like the one certain prediction is that the “age of the hack” is going to be here through 2016 and beyond.
Today, a global threat marketplace collaborates and innovates to attack organizations 24/7. It’s time to think like a bad guy. HPE draws on decades of enterprise security experience and industry-leading solutions to help businesses identify and neutralize threats while preparing for the next battle. Together, HPE and enterprises aren’t just reacting to the changing threat landscape, we’re proactively countering the adversary to win the war.