Last week, we shared with you five cybersecurity predictions for 2016. If those were the only threats, they would be more than enough to keep CIOs and IT admins on the offense all year. But more concerns are on the horizon and must be addressed to ensure enterprise security and data security for the year ahead.
We turned to Brian Contos, chief security strategist and senior vice president of field engineering at Norse, which provides live-attack intelligence, to get his thoughts on what lies ahead in 2016. He offered us 10 predictions and key threats to keep top-of-mind.
We shared the first five last week: (1) there will be more attack types aimed at the Internet of Things (IoT); (2) a higher number of emerging countries will be used as pawns in cyberattacks; (3) industrial espionage will continue its rise; (4) new malware designs will emerge; and (5) cybercriminals will keep targeting industrial systems.
In addition, get ready for these next five cybersecurity challenges in the new year:
1. Tor Troubles
“There will be a greater percentage of reconnaissance, attacks and exfiltration over Tor, anonymous proxies and related mechanisms for encrypted, anonymized communication,” Contos told us. Tor Project is an anonymous browsing service. It was breached in 2014. Specifically, those relays appear to have been targeting people who operate or access the features of the browsing service. The attack essentially modified Tor protocol headers to do traffic confirmation attacks.
2. Incident Prevention
“In the New Year, there will be a strong need to integrate incident prevention, detection and response for more rapid risk mitigation in the face of a growing volume of overall attacks,” said Contos. This will ring true with companies that were breached and those that were not. Outmaneuvering the bad actors remains a constant challenge in the security world.
3. Lines Increasingly Opaque
“The lines separating nation-state actors and cybercriminals will become increasingly opaque as talent, tools and techniques are used across both camps,” said Contos. This makes the law enforcement side of the equation even more vital as the FBI and other agencies set out to catch the criminals.
4. Predictive Intelligence
“We’ll see an increased need for predictive intelligence that helps organizations understand the ‘who, what, where and how’ of attacks before they hit their organization,” said Contos. IBM and others have invested heavily in security software that taps into big data to prevent attacks with predictive intelligence.
5. Incident Response
“Robust intelligence-driven incident response solutions coupled with incident responder services will be the norm for post-incident risk mitigation,” said Contos. McAfee and other security software companies have been placing a greater emphasis on this approach to combat threats and maintain service availability even in the face of a cyberattack.
Even More Cybersecurity Predictions
Looking back at 2015, we remember the vast array of breaches and hacks, as well as new technologies designed to stop the bleeding of critical data from within organizations.
With those in mind, BeyondTrust, a cybersecurity solutions provider, added another host of key threats to our list.
BeyondTrust predicts that in 2016, the hype around biometrics for authentication will burst and lead to additional crimes against identities.
There will be massive security vendor consolidation and thinning of the masses from single vendor point solutions.
Single-use credit card numbers or two-step authentication will become attractive options for curbing comprised credit card information.
A true username and password replacement will evolve.
And, last but not least, we may see -- or at least hope to see -- secure, always-on communications for all mobile devices.