The overwhelming shift to mobile and cloud computing among both businesses and consumers will see some surprising additions to the risk landscape in 2016. ISACA shares five cyber risk trends for the coming year that CISOs and CIOs should have on their radar.
“There is no question that cyberattacks are on the rise, but what is changing dramatically is the type of attack and the targets that bold fraudsters are focusing on,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA. “In 2016, organizations must be sure that they have the cybersecurity framework, knowledge, skills and resources to manage these new threats.”
Five key cybersecurity trends for 2016:
1. Cyber-extortion will hit wearables, medical devices and gaming systems
B2B use of the Internet of Things (IoT) will more than quadruple by 2020, when the worldwide total of connected devices is expected to reach 5.4 billion. That means wearables, medical devices, clinical systems, gaming systems, smart home devices and others may be increasingly vulnerable to security risks. Nearly three-quarters of IT professionals believe the likelihood of an organization being hacked via an IoT device is medium or high, according to ISACA’s IT Risk/Reward Barometer study.
In particular, IoT devices are a convenient target for fraudsters, especially those attempting ransomware (a type of malware that denies access to the victim’s computer and data until the hacker is paid). Since 2012, the number of victimized enterprises—most of them small businesses—agreeing to make ransomware payments has increased from 2.9 percent to 41 percent.
2. Hackers will increasingly target cloud providers
Because more data are shifting outside of organizations through use of hybrid and public clouds, 2016 will bring more attempts from cybercriminals to gain direct access to that information. IT leaders are taking notice. In a recent Osterman Research survey, approximately 76 percent expressed concern about consumer-grade cloud storage, including file sync and share solutions.
3. Millennials will care more about privacy breaches
Surveys reveal a shift in thinking among Millennials, who have traditionally valued privacy less than other age groups.
2015 marked a number of high-visibility hacks that exposed the personal data of millions; further, Millennials are the generation most likely to use non-traditional IoT devices that are more abundant—and more vulnerable to security risks—than ever. These factors will prompt many Millennials to be more proactive with app providers and other businesses to ensure their private information stays private.
4. Mobile malware and malvertising will cause mayhem
As more services and advertising move from the desktop to mobile devices, 2016 will see a massive increase in the frequency of malvertising (the practice of injecting malicious advertisements into legitimate online advertising networks).
These and other types of mobile breaches have prompted an overwhelming majority of cyber experts (87 percent) to speculate that mobile payment data breaches will increase over the next 12 months.
5. Cybersecurity will be the “it” job of IT
One of the greatest threats to national and global economic security is the cybersecurity skills gap, and that shortage of experts will continue to stifle CISOs and CIOs in 2016.
More than half of the global cybersecurity professionals surveyed by ISACA and RSA Conference reported that fewer than a quarter of job applicants are qualified for the cybersecurity position they are seeking. Not surprisingly, this challenge has also made cybersecurity a lucrative career option and a “hot” job: it was named #8 on the 100 Best Jobs by U.S. News & World Report.