Most of us are returning to work after the end of year holidays, excited about a new year and new opportunities. Many of us have watched as 2015 has been a year filled with major cyber security breaches - from the attack on the Office of Personnel Management (22 million affected) to the breach of the Ashley Madison dating site (up to 40 million affected) and the hack of T-Mobile customer accounts (15 million affected). Yes, 2015 was truly awesome in terms of cyber security events.
But what will 2016 have in store for us? Can it possibly get worse? Let’s have a look at some of the predictions that are being made regarding cyber security for the year ahead.
- Now it really gets personal: Your personally identifying information (PII) or in other words, your identity data, was a major target for cybercriminals in 2015, and there is no reason to think 2016 will be any better. 2015 may well be a year where our data was simply being collected, ready for use in secondary attacks. There was a hint of this when the IRS was breached in April 2015. The earlier breach of the insurance company, Anthem, which resulted in the identity breach of nearly 80 million records, allowed cybercriminals to utilize the stolen records of those individuals to carry out fraudulent tax claims.
- Next gen tech: First there was gen x, then gen y and z, now we are all part of ‘generation tech’. From wearables, like watches and fitness bands, to smart TVs and the Internet of Things (IoT) with devices like smart lighting for our homes and offices, we are all embracing technology. Gartner predicts that by 2017 there will be around 4.9 billion devices connected to the Internet. But the technology that we love might end up biting us back, as cybercriminals use the IoT to get into our lives, our finances, and our personal data.
- An ad too far: Malvertising, or online ads and videos that have malware integrated into them when they enter the ad network, are a very powerful tool in the cybercriminal arsenal and one they won't give up too easily. Malvertising has exploded; Cyphort Labs found a 325% increase in malvertising in 2014 with more announcements at the Black Hat conference of a further 260% increase in the first half of 2015. Malvertising works, it works easily, and it works well. It is a way to get malware onto a client machine without even having to click on an ad or video. It is simple, it uses vulnerabilities in software like Adobe Flash, and it does the job well – cybercriminals won't give up on a tool that works, so we can only expect malvertising to increase in 2016.
- A rotting Apple: 2016 is predicted to be the year that Apple operating systems are really targeted. A number of industry players have shown that IOS attacks have
doubled in 2015, and Mac attacks are increasing. In the first nine months of 2015, there were seven times the attacks seen on Macs in all of 2014. The Mac seems to be no longer immune to malware infection.
- I am who I say I am: Authentication is the bugbear of everyone’s life. Password fatigue is hardly news, but it is becoming an urgent New Years resolution to try and sort the whole area out, once and for all. Authentication issues are a two-pronged affair. Firstly, the dreaded password and how to replace that with something that is both secure and easy to use – work is being carried out by the FIDO Alliance to find password free protocols. Secondly, some serious breaches have been pinpointed to having poor authentication measures in place. For example, the Target breach of 70 million user accounts could probably have been prevented if a second-factor authentication method, for example, SMS text message codes, or a biometric, had been used along with the password.
- A King’s ransom: Ransomware is one of the most sinister cyber threats we face. The malware encrypts all of the files across the network and beyond, telling those infected that to have any chance of getting those files back, they have to pay up. Ransomware is successful because it uses our own human behavior to trick us. Ransomware is too good a trick just to use to extort money from encrypted data. It is morphing, and the same social engineering tricks are being used to persuade company executives to transfer money into cybercriminal accounts. The new era of cybercrime is one of multiple tricks and connected threats, using tools of the trade, like phishing and spear phishing, watering holes, drive-by-downloads and splintered malware (that comes together when a specific series of events occurs making detection and prevention much more difficult). Cybercriminals will be taking their levels of sophistication to new heights in 2016.
- It’s all just a game: My prediction for 2016 and beyond is the gamification of cyber security. Gamification is a series of design elements and principles used originally in gaming, but that are now being applied in other technologies, such as mobile and web apps, to encourage user interaction and engagement. I predict that as an extension to the current social engineering methods employed by cybercriminals to encourage us to click on a link or enter our login credentials to a fake bank site, they will start to use principles of gamification to ‘up their game’ further. These tricks and methods will encourage us to do things we really shouldn't, making their criminal activities even more lucrative and more difficult to prevent.
2016 is likely to be as bad, if not worse than 2015, in terms of cyber crime events. However, we are making great progress in the war against cybercrime and WatchPoint is there every step of the way.