5 cyber security predictions for 2016

How to defend your business against the worst hackers have to offer in the New Year

Hacker hand

When it comes to crystal ball gazing in the tech world, the rule of thumb is not to do it as you only end up looking like an idiot in 12 months' time.

This time, though, the sad truth of the matter is that predicting the shape of the IT security threatscape for next year really isn't that hard: 'more of the bloody same' pretty much sums it up.

But while exploit kits, DDoS attacks, and ransomware will all continue marching into the enterprise and doing damage, these threats will also evolve to become more dangerous.

Here's five IT security predictions to mull over as you recover from your New Year's Eve party.

Evolution not revolution

Criminals, be they of the cyber variety or any other, tend to stick to what they know works. However, the good guys are always upping the stakes by making it harder for that stuff to work, which forces the criminals to modify and improve their attacks.

Both the tactics and the tech are being constantly tweaked to make it harder to detect what is going on, and therefore making these attacks harder to stop.

What doesn't move, of course, are the goalposts: the bad guys are still after your data. This means you should focus on making it not only as hard as possible to access, but also useless to a thief if they do get through the barricades (yes, we're talking encryption here).

But what about the revolutionary changes, surely there must be some threats that fall outside of the 'slightly tweaked' norm, surely there must be some things that won't be obvious on the radar?

I'm not convinced that's actually true, at least not in the sense of being able to predict what they will be. Revolutions tend not to be announced in advance, after all. What we can do, though, is second guess the likely moves that will impact the enterprise and suggest you keep an eye open for them.

Harder, stronger, deeper, longer

One such shift will be more specific platinum breaches as criminals pick their targets, rather than adopting a scattergun approach. A platinum breach is the one that makes the headlines, the big job, the attack that yields a stupid-millions data haul.

The bad guys are likely going to rely less on broad-brush attacks when targeting these large enterprises and instead go deeper and narrower, becoming more sophisticated and spending more time and money to breach the defenses.

We've already seen such incidents as the TalkTalk data breach and the OPM hack in 2015 expect more in the New Year.

Arm the Androids

The weaponising of Android attacks could, finally, become a reality in 2016. We've already seen the warning shots being fired across the bows of the mobile landscape: Stagefright was a very near miss.

I've singled out Android for two reasons: market size and fragmentation. It has the largest number of mobiles users by a massive margin, and the OS is fragmented across handsets and versions. So not only is the opportunity for profit enormous for the bad guy, but the ability to roll out security protection against newly discovered vulnerabilities is hamstrung by the fragmented nature of the beast.

Internet of Insecure Things

Although it's not really that new, it's proving to be a revolutionary element of the tech sector, albeit in a somewhat laid back and gentle way. Yes, I'm talking about the Internet of Things (IoT), which cannot have escaped your attention and certainly hasn't passed the criminal fraternity by. The bottom line is that your data is valuable so you need to understand where it is going, and protect it both on the way and at the destination.

That's not proving as easy as you might hope for when it comes to a myriad of low-powered and minimally-resourced yet connected widgets. The exceptions are likely to be smartwatches, if adoption continues on an upward curve in 2016. These pack a fair amount of power onto the wrist, and can hold (or have access to) a lot of data.

Skills gap obesity

Perhaps the biggest threat organisations face in 2016 is the widening skills gap between those who would steal our data and those who can protect it. Security budgets are not bottomless pits, and there is often not enough money to enable IT security teams to both keep up with all developments within the threatscape and maintain the daily routine the job requires.

Criminal enterprises and state sponsored actors have the money to hire in the specialist skillsets required for a particular attack, they have the luxury of knowing precisely what they plan to do.

IT security teams, meanwhile, have to try and defend against everything and that is doomed to fail. Which brings me back to something I've said before and will keep saying again and again: it's all about the data, stupid...

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Senators urge FTC to enforce child privacy laws
privacy

Senators urge FTC to enforce child privacy laws

8 Oct 2021
Five best practices for resilient, reliable, remote IT services
Whitepaper

Five best practices for resilient, reliable, remote IT services

5 Oct 2021
What does a CISO do?
Careers & training

What does a CISO do?

6 Sep 2021
Are you over-sharing online?
social media

Are you over-sharing online?

1 Sep 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021