5 cyber security predictions for 2016

How to defend your business against the worst hackers have to offer in the New Year

When it comes to crystal ball gazing in the tech world, the rule of thumb is not to do it as you only end up looking like an idiot in 12 months' time.

This time, though, the sad truth of the matter is that predicting the shape of the IT security threatscape for next year really isn't that hard: 'more of the bloody same' pretty much sums it up.

But while exploit kits, DDoS attacks, and ransomware will all continue marching into the enterprise and doing damage, these threats will also evolve to become more dangerous.

Here are five IT security predictions to mull over as you recover from your New Year's Eve party.

Evolution not revolution

Criminals, be they of the cyber variety or any other, tend to stick to what they know works. However, the good guys are always upping the stakes by making it harder for that stuff to work, which forces the criminals to modify and improve their attacks.

Both the tactics and the tech are being constantly tweaked to make it harder to detect what is going on, which in turn makes these attacks harder to stop.

What doesn't move, of course, are the goalposts: the bad guys are still after your data. This means you should focus on making it not only as hard as possible to access, but also useless to a thief if they do get through the barricades (yes, we're talking encryption here).

But what about the revolutionary changes? Surely there must be some threats that fall outside of the 'slightly tweaked' norm, some things that won't be obvious on the radar?

I'm not convinced that's actually true, at least not in the sense of being able to predict what they will be. Revolutions tend not to be announced in advance, after all. What we can do, though, is second guess the likely moves that will impact the enterprise and suggest you keep an eye open for them.

Harder, stronger, deeper, longer

One such shift will be more specific platinum breaches as criminals pick their targets, rather than adopting a scattergun approach. A platinum breach is the one that makes the headlines, the big job, the attack that yields a stupid-millions data haul.

The bad guys are likely going to rely less on broad-brush attacks when targeting these large enterprises and instead go deeper and narrower, becoming more sophisticated and spending more time and money to breach the defenses.

We've already seen such incidents as the TalkTalk data breach and the OPM hack in 2015; expect more in the New Year.

Arm the Androids

The weaponising of Android attacks could, finally, become a reality in 2016. We've already seen the warning shots being fired across the bows of the mobile landscape: Stagefright was a very near miss.

I've singled out Android for two reasons: market size and fragmentation. It has the largest number of mobile users by a massive margin, and the OS is fragmented across handsets and versions. So not only is the opportunity for profit enormous for the bad guy, but the ability to roll out security protection against newly discovered vulnerabilities is hamstrung by the fragmented nature of the beast.

Internet of Insecure Things

Although it's not really that new, it's proving to be a revolutionary element of the tech sector, albeit in a somewhat laid back and gentle way. Yes, I'm talking about the Internet of Things (IoT), which cannot have escaped your attention and certainly hasn't passed the criminal fraternity by. The bottom line is that your data is valuable so you need to understand where it is going, and protect it both on the way and at the destination.

That's not proving as easy as you might hope for when it comes to a myriad of low-powered and minimally-resourced yet connected widgets. The exceptions are likely to be smartwatches, if adoption continues on an upward curve in 2016. These pack a fair amount of power onto the wrist, and can hold (or have access to) a lot of data.

Skills gap obesity

Perhaps the biggest threat organisations face in 2016 is the widening skills gap between those who would steal our data and those who can protect it. Security budgets are not bottomless pits, and there is often not enough money to enable IT security teams to both keep up with all developments within the threatscape and maintain the daily routine the job requires.

Criminal enterprises and state-sponsored actors have the money to hire in the specialist skillsets required for a particular attack; they have the luxury of knowing precisely what they plan to do.

IT security teams, meanwhile, have to try and defend against everything and that is doomed to fail. Which brings me back to something I've said before and will keep saying again and again: it's all about the data, stupid...
