Symantec Predictions for 2016 – Looking Ahead
Today’s cyber criminals are skilled enough and sufficiently resourced to have the persistence and patience to carry out highly successful attacks on consumers, businesses and governments around the world. Their efforts have turned cybercrime into big business with private information being stolen on an epic scale. In 2015, we saw how much consumer confidence was rocked by the number of mega breaches that exposed the identities of millions of people. Some organizations were left paralyzed in their ability to recover from a data breach, as we saw in the Ashley Madison data breach.
There is no magic-bullet technology that will guarantee immunity from Internet crime or determined, targeted attacks, but being prepared for the worst can prevent some attacks. So, what lies ahead for 2016? What will be the biggest threats that will target consumers and businesses? How will some of the newest technology trends impact privacy and regulation? And how will businesses respond to data breaches when it is no longer a matter of if, but when you will be breached? As the year draws to a close, Symantec’s security intelligence team has put together the top security predictions for the year ahead and beyond. Here are our top picks for 2016 –
1. Opportunities for Cyber Criminals to Compromise Apple Devices Will Grow
Apple devices have experienced a surge in popularity in recent years. According to IDC, the company now accounts for 13.5% of global smartphone shipments and 7.5% of global PC shipments. This increase in usage has not gone unnoticed by attackers. A rising number of threat actors have begun developing specific malware designed to infect devices running Mac OS X or iOS.
2. The Tipping Point for Biometric Security Is Approaching
The last two years have seen a significant rise in the use of biometrics. This is expected to grow significantly with major industry players implementing new capabilities both with new sensors in devices and with adoption of biometric authentication frameworks like FIDO and TouchID. This facilitates secure on-device storage of biometric information (like fingerprints) as well as interoperability between apps and systems. What this means is that biometrics can finally answer the “what’s in it for me” question that consumers have been asking, while replacing passwords with strong traditional PKI authentication protected by the biometric sensor. The consumer gets better security with significantly increased convenience for device unlocking, purchasing and payments. This is also leading to enterprise adoption of biometrics, which may start to reduce the dependence on passwords.
3. The Need for Improved Security on IoT Devices Will Become More Pressing
As consumers buy more smart watches, activity trackers, holographic headsets, and other Internet of Things (IoT) devices, the need for improved security on these devices will become more pressing.
According to a Gartner report titled Agenda Overview for the Internet of Things, by 2020 close to 30 billion connected things will be in use across a wide range of industries and the IoT will touch every role across the enterprise. In addition, the evolving concept of “care is everywhere” may see medical device security become a mainstream topic in 2016. It’s widely known that life-sustaining devices like pacemakers or insulin pumps can be hacked. Fortunately, to date, no such case has been reported outside proof-of-concept security research; however, the potential impact remains high. Under the evolving umbrella of mobile health, or mHealth, new care delivery models will move devices into the patient’s home. This will place medical devices on public networks, provide medical apps through consumer devices such as smartphones, and interlace personal data with clinical information.
With these changes happening so rapidly, regulation may be forced to catch up with technology in 2016. We may find that some countries or industries will begin to develop guidelines that address the new risks of information use, data ownership, and consent presented by IoT devices.
4. Risk of Serious Attacks to Critical Infrastructure Will Increase
We have already seen attacks on infrastructure, and in 2016 we can expect this to continue to increase. The industrial IoT is becoming more connected due to requirements and demand for reporting and improved functionality through connectivity with additional services. These changes introduce bigger attack surfaces into the more traditionally hard-to-secure environments.
5. The Need for Encryption Escalates
Encrypt everywhere is quickly becoming the mantra of the technology industry. With so much communication and interaction between people and systems happening over insecure and vulnerable networks like the Internet, the need for strong encryption of this data in transit has been well recognized for some time, and it is generally implemented.
Unfortunately, many new devices and applications have had poor implementations, leading to vulnerabilities that allow focused attackers to gain access to communications. For example, the mobile device has become the center of most people’s lives for communications, data storage and general technology interaction. This presents a high-value target for cybercriminals, who are looking to exploit this. Mobile OS makers continue to make improvements to the encryption of their products to fill in the gaps from the application and service makers. While this trend of encrypting more is good for protecting user data from cyber criminals, it has also raised the ire of governments who believe this to be a hurdle for law enforcement. It seems that the crypto-wars of the 90’s may be repeated in the next two years.
6. Cyber Attacks and Data Breaches Will Drive the Need for Cyber Insurance
When we look at the rapid adoption of cyber insurance, there are two key factors that contribute to this growth: new regulations which obligate companies to respond to information breaches; and the increase of cyber criminals using stolen information for payment fraud, identity theft, and other crimes.
Cyber-attacks and data breaches cause reputational harm and business interruptions, but most of all, they are expensive. Relying on IT defenses alone can create a false sense of security, and no organization is immune from risk. In 2016 many companies will turn to cyber insurance as another layer of protection, particularly as cyber-attacks start mirroring physical world attacks.
7. Security Gamification and Simulation Will Tackle the Security Awareness Challenge
Internet security relies on the human element as much as it does on technology. If people were more skillful, they could help reduce the risks they faced. This is as true of consumers avoiding scams as it is of government employees avoiding the social engineering in targeted attacks. In this context, security gamification could be used, for example, to train consumers to be wary of phishing emails or to generate, remember, and use strong passwords. Symantec sees a big market opportunity and a great need for this kind of training in 2016.
The writer is Mr Tarun Kaura, Director – Solutions Product Management – APJ, Symantec.