A new year is upon us, and with that brings many changes. Cybersecurity is no exception, and discussed below are some predictions regarding the direction cybersecurity will take in the new year:
- Android Threats Will Become a Reality
2016 will see a rise in the number of Android threats being exploited. The Android platform contains many vulnerabilities, many of which could take up to months to properly patch. It has been said by Google that as of yet, none of these vulnerabilities have actually been exploited, but it is likely to become a reality soon, as it is an open invitation for attackers.
Attackers have already been creating samples that skillfully avoid the Google Play Store filtering and detection. This gives the app a better chance of remaining in the app stores. Hackers design apps that load as though they are harmless games when it thinks it is being tested, but when safe to do so will load malicious content. There have also been instances of mobile users using third-party app markets and being misled into granting malicious apps from the Shedun adware family control over the Android Accessibility Service.
Once control has been granted, the app then has the ability to display unwanted popups that install highly intrusive adware despite the user rejected the attempt for it to be installed. This is because the apps root the device and embed themselves into the system partition, meaning it is very difficult to uninstall them.
- The Possibility of iOS Threats Becoming Mainstream
2015 saw the Apple app store suffer a few hits, such as the InstaAgent app, which managed to sneak through the vetting processes, and was pulled by both Google and Apple stores, and also XcodeGhost, which managed to fool Apple app developers into integrating the code into their apps, infecting them while remaining hidden behind what appeared to be normal Apple code.
There is no shortage of new apps coming onto the market, with the number rising over a million per respective marketplace, so it is an obvious thought that an increasing number of attackers will attempt to get past the vetting processes. Despite the likelihood of this particular concern, it is important to note that as in the past, Android will continue to be an easier target than iOS.
- Cybercriminals Will Target SMBs
In the last year, there has been much news of big-scale hackings, such as Talk Talk and Ashley Madison, but big businesses are not the only ones being targeted. According to a recent PwC report, 74% of small and medium businesses have experienced a security issue in the last year, and we can expect to see this number continue to rise, as SMBs are considered to be easy targets.
Criminals have been monetizing small businesses using ransomware, which is a far more visible approach than traditional payloads, such as sending spam, data theft, and infecting websites in order to host malware, with many businesses often not even realizing they have been infected. Ransomware is much more visible, and has the potential to be disastrous to a SMB is the ransom is not paid, making it an obvious reason why attackers are targeting SMBs.
We can expect to see much more of this in the new year. Because SMBs lack the resources and security budgets of larger organizations, they often only apply a best-effort approach to security investments, such as equipment, services and staff. This leaves them vulnerable, as it is easy for hackers to find gaps in security and infiltrate the network.
- Changes to Data Protection Legislation Meaning Increased Fines for Those Unprepared
In the coming year, the pressure on businesses to keep customer data safe and secure will increase, with legislation coming in place to assure this. In the future, businesses will face severe penalties if they fail to secure data in an appropriate way. This will have a direct impact on how businesses approach security.
New legislation will encompass a number of concerns, including the fact that businesses will be responsible for protecting any and all data they process, including cloud providers and third-parties. By modernizing the laws that surround communications data, police and other intelligence bodies will have the ability to access all aspects of communications on ICTs, whether or not there is a criminal offense suspected.
All of these changes are expected to take place in 2016, and it will be interesting to see if it has an effect on how people prioritize their data security.
- Ransomware Will Continue to Dominate
Ransomware will not quietly go away in the coming months, and we can soon expect to see more things other than data being held hostage. With more and more things, such as houses and cars, becoming internet-enabled, one can be left to wonder how long before the first house or car is held for ransom?
More attackers will threaten to make stolen data public, instead of just holding it hostage. A large number of ransomware families are using darknets either to command or control, or as payment page gateways, as was seen with Chimera, TorrentLocker, and so many more throughout the last year.
- Social Engineering is on the Rise
With cybersecurity coming to the forefront, and social engineering continuing to evolve, businesses will need to invest more resources in protecting themselves from attacks. Ramped up protection is achieved by investing in training and implementing strict consequences for offenders. It is crucial employees are adequately trained on the importance of security while on the company network.
Some basic tips to incorporate into your training include:
- Teaching staff about the implications of phishing emails and how to identify one
- Ensuring staff doesn’t click any malicious links contained in unsolicited emails
- Making staff aware of the signs of a scam, such as misspellings in emails
- Teaching awareness about sites that ask for personal or sensitive information
- Ensuring staff is aware of the importance of secure passwords, and never sharing passwords.
Us, as individuals, can send a clear message to the market by letting providers whom store your valuable data, such as banks and insurance brokers, know that you demand strong security. Have expectations for such things as multi-factor authentication, and hold them accountable if it is not provided.
Discover more about cybersecurity and what you need to do to stay safe in 2016. Contact ECW Network & IT Solutions at (561) 306-2284 or send us an email at Info@ecwcomputers.com to find out about our managed IT services. We’ll keep your technology safe and secure at a flat-rate monthly fee.