The last twelve months saw many high-profile and innovative cyber-threats, costly and embarrassing breaches, and several cybersecurity trends. Many executives and boards have been reactive rather than proactive, catalyzing many companies to revamp their cybersecurity risk profiles. So what should companies expect to hit the front pages in 2016?
Extortion Hacking
Following a high-profile hack in late 2014, it seemed that hacker shakedowns would increase in 2015. Extortion hacks occur where attackers threaten to release sensitive company or customer data if the victim doesn’t meet financial or other demands. So, even if the company backed up data, the release of the data can create disaster for a company and its customers. Two high-profile attacks in 2015 caused a CEO to step down, identity theft of millions, and lawsuits. Expect to see more extortion hacking in 2016.
Access Innovation
As the saying goes, sometimes when you close a door, a window opens. When retailers discontinued storing personally identifiable information in databases, hackers stole unencrypted data live as it was sent to banks for authentication. When that live data was encrypted before transit, attackers installed malware on point-of-sale readers to steal the data. Chip-and-PIN cards now are the next line of defense. However fraud for transactions completed over the phone or online has increased significantly and will continue to do so in 2016.
Data Manipulation
Cyber operations that manipulate data in lieu of releasing data will become more prevalent. Data users will question the integrity of data that has been manipulated to the point where it becomes useless. Such data sabotage is very difficult to detect and yet has enormous consequences. For example, hackers could alter data in financial and stock trading systems, causing stock prices to rise or fall. Worse yet, data manipulation can result in deaths. Foreign spies have invaded numerous defense contractor networks in the last decade. Such manipulations may be worse than theft; altering the integrity of weapons systems and defense codes can change how defense systems operate.
Backdoors and Internet of Things (IoT) Vulnerability
Backdoors can give an attacker the ability to decrypt protected traffic running through a VPN on a company’s firewalls. Only a government intelligence agency would have the resources to intercept large amounts of VPN traffic which suggests the rise of nation-state attackers. Companies should be prepared for more backdoors to be hacked in 2016.
Connected cars, medical devices and skateboards were all hacked in 2015. As the IoT continues to develop, so will vulnerability points. Hackers’ commandeering of Internet of Things (IoT) devices for botnets will increase in 2016.