data breach 2015

2015 Cybersecurity in review: Threat predictions for 2016

December 30, 2015

It seems as if high-profile cybersecurity breaches were constantly making the news in 2016. Remember America’s Thrift Stores, TalkTalk, and Vtech.

As in the past, in 2015 most hackers attacked company networks for financial gain. However, a few other attackers, such as those who hacked cheating website Ashley Madison did so for moral reasons.

Those breaches and others, including Anthem, BlueCross BlueShield, JPMorgan Chase, and the U.S. Office of Personnel Management (OPM), indicated that even though organizations were spending considerable amounts of money on cybersecurity, their infrastructures were not adequately protected.

As 2015 draws to a close, here’s a look at what the cybersecurity landscape might look like in 2016.

1. More Focus on Third-Party Vendors – Enterprise security managers understand that cyberattacks and data breaches could very likely start with third-party vendors that have access to their corporate networks, according to an article by Jon Oltsik in NetworkWorld. For example, hackers who breached the systems of retail giant https://www.securelink.com/securelink-blog/target-breach-how-to-prevent/ Target as well as the OPM did so by first compromising the vendors’ systems.

Additionally, servers, routers, storage devices, and network appliances could all introduce malicious code into corporate networks. To that end, experts predict chief information security officers will go to greater lengths to ensure that they can control, monitor and audit the systems of their third-party providers.

2. An Increase in Ransomware – Ransomware is a type of malicious software designed to block access to a company’s systems until that firm pays the hackers a sum of money. Typically, ransomware has been used by petty hackers going after small businesses and sometimes government agencies. However, 2016 could bring with it a “frightening escalation” in enterprise ransomware, Oltsik noted.

“We could see ransomware bundled with worm-like proliferation techniques to ‘brick’ all the Windows endpoints and servers of a targeted organization,” he said.

The hackers could then demand millions from their corporate victims. Unfortunately, ransomware is so good that the FBI has warned companies that they may not be able to get their data back if they don’t pay the ransom, according to an article in The Security Ledger.

“The ransomware is that good,” said Joseph Bonavolonta, the assistant special agent in charge of the FBI’s CYBER and Counterintelligence Program in its Boston office, in the article. “To be honest, we often advise people just to pay the ransom.”

3. Advances on Tap in Cloud Security – The fact is more and more businesses are moving their systems to the cloud where they store reams and reams of sensitive corporate data, including customer and employee confidential information. Exploitation of this data could put organizations and their customers as risk. The good news, though, is that more companies will offer “new ways of doing more comprehensive security as cloud technology evolves,” according to an article in Infosec Island. And better security will “drive more business to the cloud.”

4. More Emphasis on Data Security – The increase in the use of mobile technology and cloud computing has made it even more difficult for companies to secure how their data is accessed and used, according to the Infosec article. Organizations need to ensure that only the appropriate users have access to the various views of the same data. “This would mean identifying assets, more fine-grained application/API level control, better monitoring, auditing, and securing the storing and transmission of data,” the article noted.

View this video to see how you can manage vendor threats.