7 cybersecurity trends for 2016
With more than 50,000 registered attacks cybersecurity trends for 2016 become evident, 2015 was a year in which the number of attacks has soared 177% over the previous year. It has increased the exposure of all sectors, but highlights the number of attacks on critical infrastructure and increasing attacks on online sales portals. In 2015 the INCIBE recorded more than 65 “security incidents” related to critical infrastructure in Spain, including the energy system, transport or financial are.
Similarly, the Spanish SMEs have reported an exponential increase Ransomware attacks, denial of service (DoS), credential theft and wire fraud.
Cyber attacks are constantly evolving, making cybersecurity professionals, “good”, they face challenges increasingly complex to protect sensitive data assets and businesses and individuals.
Since 2014, ENISA (European Network and Information Security Agency) has observed the following significant advances in techniques of attack and sophistication of malicious actors:
Persistent attacks targeted at hardware, below the “radar” of tools and methodologies defense.
Great best in cybercrime as a service and development of tools for non-experts.
Development of highly efficient use of malware as a weapon and automatic detection tools and vulnerability exploits.
Using highly sophisticated malware and malicious and cost-effective infrastructure to launch campaigns to filter data and hijack ex data.
Extend the scope of attack to include routers, firmware and the Internet of Things.
The following highlights some of the trends in cybersecurity, the team of K2 Intelligence dominate the corporate and public sectors in 2016:
- Cybercrime as a Service
To professionalize cybercrime, the supply of services by cybercriminals has been standardized and act as a mirror of legitimate service providers with satisfaction surveys, customer channels and returns if the product does not meet promised. The services available on the Internet or in the darknet, where you can purchase cybercrime toolkits, DDoS (Denial of Service) and remote access tools (RATs). By increasing attacks produced by actors unsophisticated it is clear that it is becoming easier to hire hackers to perform the dirty work.
Are companies ready to tackle the economic model of cybercrime in which hackers hired, or any 15 year old with a malicious Bitcoin can buy a kit and then launch it on any unsuspecting company? We do not know, but if companies are not able to manage tens or hundreds of thousands of cybersecurity receiving alerts daily, we see that more and more frequent and more damaging attacks will occur.
The ransomware (eg cryptolocker or Cryptowall), which has been the bane of the second and third quarter of 2015, will remain a major threat to enterprises in 2016. A ransomware attack begins when a company employee opens a malicious link that encrypts often critical files, with a message that demands payment for their release. If the victim does not pay, the attackers deleted the files, although there is no guarantee that if you have paid release. For larger companies, with a rigorous backup procedure, it is a minor problem. For SMEs, the ransomware is a big problem, and is ready for sale in the Deep Web.
Who hacks who and why? The events of recent months in Paris, Belgium, Germany, Ukraine (to name a few) … reveals many terrorist groups whose goals are disrupting business in the EU and the US with attacks aimed at deface web pages, or worse, paralyze or destroy critical infrastructure.
- Attacks on the cloud
The bank robber Willie Sutton said he robbed banks “because that’s where the money is.” The same will happen in the cloud in 2016. As more and more businesses move their operations, in part or in full, to the cloud, this will become a database for hackers. Therefore we will see an increase in campaigns to steal passwords and privileged administrative information that will lead to attacks on cloud services and credentials theft and identity theft. The data protection strategies of service providers in the cloud must be integrated into any environment in the cloud, and we better that these strategies are very good, and our data will be seriously compromised.
- Mobile devices – A cybersecurity ecosystem without a perimeter defense
In the era of Bring Your Own Device (BYOD), mobile devices have created new challenges for many companies whose employees access the network remotely or have the ability to transfer data to third parties from outside the corporate network. Are these updated from the perspective of security devices?
One of the issues to consider, among the many unknowns that presents the BYOD is whether the mobile device user accidentally downloaded a malware application that aims to get your ID and password. In 2016 companies will have to better manage their policies and procedures regarding the BYOD, or continue to face attacks from remote endpoints.
- Prevalence Encryption
The good against him as not good; It is said that cybersecurity trends have been knowed for the recent tragedy in Paris wich has brought back to light one of the most debated issues in 2015. This debate will continue in 2016. For many companies, encryption is a need to protect personally identifiable information (PII) or customer data or consumers. Encryption in the cloud can become even more important as companies, seeking scale efficiency, optimization and monetary savings, move more and more to a cloud-based environment.
For those who are dedicated to privacy and cybersecurity trends, encrypted communications provide an important check on the ability of governments to control personal communications supposedly for wrong purposes.
For those who are in charge of making the law is enforced, encryption is a difficult challenge when it comes to control the terrorists and even thwart terrorist threats. These discussions will continue in 2016. encryption must find a happy medium, especially after the attacks in Paris. Our lives may depend on it.
- Business vs vs. Privacy Security – Safe Harbour problems
It is expected that regulatory agencies in the US and EU remain very active in 2016, with the development of new regulations and penalties environment to international transfers of data between the two continents. They will be particularly affected financial institutions, which will see increased regulatory scrutiny on their positions cybersecurity trends because of the risk they pose to society as operators of critical infrastructure.