With 2016 almost here, many of us are making critical decisions regarding new security projects. Determining just where to focus and spend our limited resources is never easy, but by anticipating the next wave of threats, businesses will hopefully be better prepared to avoid the evolving tactics and exploits that criminals will use to target them.
Here are some of the top IT security threats and trends we can expect to see during 2016.
1. Attacks against smaller enterprises will increase – The number of serious security breaches and incidents will continue to rapidly expand, especially for second-tier enterprises that have been slower to roll out aggressive defenses. The unfortunate reality is that the number of vulnerabilities and potential hack points increases exponentially each year. Every new release of every application, operating system, or device increases the number of exploit opportunities for cybercriminals. Additionally, hacking tools are better than ever at finding openings in older, legacy products. So look for an increase in data breaches in 2016, especially among smaller organizations that haven’t deployed the latest generation of security tools. Hackers will always go after the weakest link. If they determine that the big guys have toughened up, they’re just going to go after easier targets: the smaller enterprises.
2. Security professionals will continue to be in demand – The global shortage of security professionals will continue to increase – further straining security teams and businesses as they struggle to find and employ more security help. Internal training and outsourcing security management are partial answers, but these steps won’t solve the overall problem. There simply will not be enough security brainpower to match the need for several years or more. Look for new-generation products that a) specifically focus on leveraging the time and abilities of existing professionals; and b) reduce the skills required for security newcomers.
3. Hacktivist attacks will become more severe – Hacktivists will raise their game from relatively simple web defacements to full-on data breaches and methodical attacks in order to annihilate their targets. Fed by the recent successes of high-profile attacks like Ashley Madison, Sony, and others, activist organizations will become bolder and better at breaching, crippling, and destroying their targets to make their political, religious, environmental, or other points. Unfortunately, a lot of organizations will learn that they have more enemies than they thought, and that those enemies can reach them.
4. Hackers will target Windows 10 and iOS 9 – With the recent release of Windows 10 and iOS 9, expect to see cyber criminals turn their attention to exploiting vulnerabilities in these new operating systems. With the limited success of Windows 8, the pent-up demand and free download of Windows 10 are generating wide adoption of the new OS. This, and the fact that new operating systems tend to need frequent updates, will not be lost on hackers who will take advantage of organizations and users that are slow to apply fixes.
5. Enterprises will address IoT security concerns – Potential attacks from the Internet of Things (IoT) will start to heavily impact security policies and practices. Although the masses are not likely to see large breaches that involve such devices in 2016, we are likely to see thingbots and other IoT-based malware impact at least a few organizations. Now’s the time to start preparing for the sure invasion of everything smart – from watches, fitness bands and other wearables, to smart TVs, thermostats, personal devices of every type, and everything else that can be turned on. Physical devices will need to be brought into IT security policies like never before.
6. Mobile attacks will become widespread – Attacks launched against, and then from, mobile devices will hit the mainstream. In the last few years we’ve seen the rapid evolution of hacking and exploitation technologies that make point-and-click cybercrime a dark reality. Such tools have been focused on desktops, servers, and other high-performing platforms. However, with the increased power, capabilities, and sheer numbers of mobile devices, point-and-click hacking tools are beginning to emerge that target mobile platforms, dramatically increasing the number of cybercriminals aiming at the mobile world. Be prepared for 2016 to be the year when mobile-device security must be taken seriously.
It would be nice if none of the above security predictions came true. But the trends foreshadow a different story, and one that we need to prepare for. One thing is very clear: regardless of which security gurus you follow, they all agree that the bad guys are still ahead of the good guys – and getting better.