Cybersecurity professionals used 2015 cyber-attacks to guide security predictions for the upcoming year. Start preparing now.
In 2015, several attacks compromised millions of personal records. The main breaches in 2015 according to Network World are as follows:
- Multiple breaches in the Office of Personnel Management (OPM) led to the theft of 22 million records on current and former employees.
- The hacks on two major health insurers, Anthem and Premera, compromised data for about 80 million people. Anthem’s breach went undetected for nine months, Premera’s for almost eight.
- When hackers revealed confidential material obtained from Ashley Madison, not only did they compromise 37 million customers’ personal information, but the disclosure also led to profound embarrassment and in two cases, suicides.
- After breaking into the Internal Revenue Service, hackers used tax records for 330,000 taxpayers to collect bogus refunds.
These attacks, just a few of many in 2015, have guided security professionals’ predictions for 2016.
While avoiding breach altogether is unrealistic, companies can do their best to prepare for compromise so when it comes, they can react quickly and efficiently. FortiGuard Labs lists five cybersecurity threat predictions to watch for in 2016:
IoT: Great Friend and Sneakiest Foe: The Internet of Things is expected to grow even more in 2016. The possibilities are exciting. However, in 2016, Jason Sabin of DigiCert cautions that, “Hackers will use IoT devices as springboards into corporate networks.” Access points multiply as the number of IoT devices used in the workplace increases. Across the board, security professionals agree that IoT will become central to “land and expand” attacks. Hackers will take advantage of vulnerabilities in every area from smart home devices to wearables, compromising corporate-issued devices or corporate networks.
Jail-breaking the Cloud: Hackers are expected to seek out vulnerabilities to compromise host systems as virtualization technologies expand further. Specifically, mobile applications can potentially turn mobile devices into vectors for remote attacks on cloud-based systems.
“Ghostware” Conceals Indictors of Compromise: Contrary to “Blastware,” which destroys itself and host systems if detected by antivirus software, “Ghostware” extricates data and deletes all evidence of compromise before it can even be detected. Subsequently, companies don’t even know where to start when seeking out the extent of data loss.
Headless Worms Target Headless Devices: Autonomous, or “headless,” attacks are likely to make their headless device debut in 2016. Malware is expected to disseminate from device to device with the expansion of attack surfaces like those found in the IoT.
Two-Faced Malware: Savvy attackers are expected to design a new two-faced malware that will carry out a benign process at runtime, mask its efforts as safe while under inspection, and then execute its malicious process once clear. Additionally, companies face another challenge if this malware is flagged as safe by their advanced sandboxing techniques. In this case, two-faced malware will escape future inspection by vendors’ threat intelligence systems.
Looking Forward in Cybersecurity
As technology enhancements continue to improve the professional world, there is a paralleled demand for stronger security. These predictions should push companies to implement better security solutions to avoid breaches in 2016.
For an in-depth look at predictions expected to arise in 2016, visit Georgia Tech’s Emerging Cyber Threats Report for 2016, collated from their annual Cyber Security Summit. McAfee Labs 2016 Threats Predictions also outlines a five-year forecast for cybersecurity.