As another year comes to an end, security experts are looking back at the trends and most notable breaches in 2015. From Anthem to the Office of Personnel Management to top security vendors falling victim to infiltration, 2015 was a banner year for malware, data breaches and advanced persistent threats (APTs).
Using what they’ve learned from the past year, cyber security experts are looking at what’s ahead for 2016. With the ever-changing threat landscape and cyber criminals always working to stay one step ahead, it’s important for organizations and consumers to take proper security measures. In this slideshow, experts from AppRiver, Cyphort and CounterTack look at what trends we can expect to see in the year ahead, as well as tips on how to prepare.
2016 Security Trends
Android
Prediction: Android threats get real.
In 2015, Android security was a major hype factor for startups. Cyber security experts at Cyphort say that in 2016 we should expect Android devices to become a serious vector for cyber attacks, as part of the attack surface for infiltration into business networks and assets. This is driven by two main factors: (1) Android phones are really showing their presence on enterprise networks with or without BYOD blessing and (2) the open platform has been embraced by consumers as well as bad actors with a prolific rooting malware industry.
Tip: To stay ahead of the curve, organizations should implement a solution that continuously monitors Wi-Fi access for all mobile devices. The solution should provide basic visibility into applications and corresponding network activities when running through the corporate IT infrastructure. Solutions should also identify and stop threat activities, such as infiltration and data theft, through Wi-Fi networks. Of course, additional measures (e.g., endpoint agent) will be required along with granular BYOD access policy enforcement in order to protect against unauthorized access and data theft over 4G networks.
APT Crimes
Prediction: Increase in APT-style financial crimes.
Cyphort predicts that we will see more APT-style financial crimes like the Carbanak campaign, which moves money out of customer accounts from inside the bank system, and the malware-powered “pump and dump” attack on Wall Street. The first provides hard evidence that issuing EMV payment cards and insisting on upgrading cash registers to use the embedded smart chip instead of the “backward compatible stripe” are necessary steps for reducing breaches and fraud, though still not sufficient on their own. The second was also just the “tip of the iceberg” for well-organized crimes that combine low-and-slow cyber attacks with physical-world campaigns.
Tip: Financial institutions and consumers must both do their part to better protect against new financial threats. Institutions must take concrete steps to detect and stop threats at all points of attack on the financial transaction chain – from POS machines to online purchase handling to bank transaction processing. Steps include getting all merchants to upgrade their POS and stop using the magnetic stripes on the EMV card; implementing continuous monitoring, diagnostics, and mitigation on all their transaction processing systems; and watching for fraudulent activities beyond those from stolen card credentials. Consumers must be vigilant about where and when to use their cards versus using cash and whether certain sites are safe.
Supply Chain Ecosystems
Prediction: Supply chain ecosystem becomes focal point for attacks.
CounterTack experts predict that the supply chain ecosystem in corporate America will be affected more by cyber threats and attacks than individual companies. The reason: Attackers are looking to exploit weak controls and gaps between systems where security controls or mechanisms likely don’t align, and, ultimately, securing transaction-based processes typically takes a backseat to booking orders.
Tip: Security has to evolve from an afterthought to a priority — revenue cannot support bottom-line growth if it is intercepted by attackers or if the infrastructure it travels over is not secure. First, as the supply chain is becoming “the new perimeter,” organizations should perform third-party validation of how secure their supply chain vendors are, inclusive of their systems and technology. Second, after identifying blind spots and gaps, organizations must proactively monitor behavior and activity across endpoints and network traffic.
Sale of Data
Prediction: Data selling and nation-state attacks increase.
According to CounterTack, we will continue to see the selling of data by malicious actors to finance their organization’s goals — whether it is nation-state or terrorist related. A recent Ponemon study showed that 35 percent of the organizations surveyed were certain they had already been victims of a nation-state attack.
Tip: First, create a culture of security across the organization and make everyone a security stakeholder by ensuring training is targeted, repeatable and measurable. Second, it’s critical to understand the delineations between nation-states targeting your organization vs. commodity malware processes running. From there, more intimately understanding an organization’s threat landscape allows you to make the right decisions around detection, prevention, analysis and remediation of threats.
Attribution Becomes Obsolete
Prediction: Attribution becomes obsolete.
In the wake of smash-and-grab attacks that garner headlines, CounterTack’s security team believes that attribution will become obsolete. Regardless of the origin (nation-state, terrorist, malicious actors), cyber attacks will have the same outcome, including stolen intellectual property, financial information, credentials, and the ability to strike fear in the enterprise.
Tip: Organizations must focus security efforts on protecting the business rather than investigating threat actor activity for attribution purposes. Organizations should save the investigative resources to attribute attacks as part of a designated post-attack/post-incident/post-breach process only. Further, companies should be looking strategically at how they can more rapidly detect attacks, prevent further infiltration and contain any damage to protect the business.
Ransomware
Prediction: Ransomware attacks will rise as victims continue to pay.
There’s no question that ransomware – malware that locks files and holds them for ransom until the individual or organization pays to have them recovered – is on the rise. According to experts at AppRiver, the growth is happening because it is working. Victims continue to pay cyber criminals and, in turn, the bad guys keep doing what’s working so well for them. Unfortunately, by the time ransomware has been installed on your network, it’s often too late to recover your files without paying the ransom. Preventing ransomware from getting onto your network, however, is fairly easy.
Tip: Organizations can protect themselves in a number of ways, including 1) backing up files on a daily basis; 2) ensuring all hardware and software is updated, as updates often contain security patches for malware vulnerabilities; and 3) adopting a layered online security approach. With the combined efforts of an anti-spam and malware email filter and web protection, organizations will be much more likely to keep malware off a network.
Mobile Devices and IoT
Prediction: Motivation for mobile device hacks will continue to increase due to IoT.
With IoT, everything is connected. Having so much more information at our fingertips gives cyber criminals more motivation and opportunities to steal your information. It only takes one device to be hacked for all of your personal information – from your home address to health records – to be in jeopardy. Why are cybercriminals targeting mobile? According to AppRiver, cybercriminals go where the numbers are. Most of the mobile malware that has been seen to date has been designed to target Android devices, with the main reasons being that Android has the largest number of users and the most open platform. However, no system is immune from a mobile attack. When vulnerabilities exist in any popular OS and hackers know about them, it is only a matter of time before they are exploited.
Tip: Fortunately, since vulnerabilities are often discovered and patched, a simple update can determine whether you fall victim or not. Organizations can best protect mobile users against this kind of attack by ensuring, or at least strongly encouraging, that all users keep their devices up to date with the latest versions of their OS, and by prohibiting users from “jailbreaking” their devices. Additionally, every organization’s security training should include reminders about safe browsing and identifying suspicious links.