The cyber-acts that will define 2016 could see an increase in vulnerabilities from the aging Internet, U.S. presidential election cyber-antics, and cybercriminals pickpocketing the wallet on your phone.
Here are the Raytheon|Websense headline predictions:
- The structure of the internet is aging – forgotten and ongoing maintenance will become a major problem for defenders. Like barnacles on a boat, the cost of security maintenance will begin to grow and create massive problems with the internet and security practices. A significant number of the Alexa 1000 are not up-to-date on certificates. Additional problems include old and broken JavaScript versions that invite compromise; rapid OS updates and new trends in software end-of-life processes that cause havoc; and new applications built on recycled code with old vulnerabilities (think Heartbleed and POODLE). All of these ghosts of Internet Past will come back to haunt in 2016.
- The cyber insurance market will dramatically disrupt the way the security industry operates. Insurance companies will refuse to pay for breaches caused by ineffective security practices, while premiums and payouts will become more aligned with underlying security postures and better models of the cost of an actual breach. Further, to some extent, insurance companies will greatly affect security programs, as requirements for insurance become as significant as many regulatory requirements (PCI, HIPAA, ISO 27001).
- Hacks targeting mobile devices and new payment methodologies will impact payment security more than EMV. The increase in non-traditional payment methods on mobile devices or via beacons and smartcards will open up the doors for a new wave of retail data breaches.
- New Generic Top Level Domains (gTLDs) will be used in active spam and other malicious campaigns. The number of gTLDs as of November 2015 exceeds 700 domains, and about 1,900 more are on the waiting list. As new top-level domains emerge, they will be rapidly colonized by attackers well before legitimate users. Taking advantage of domain confusion, criminals and nation-state attackers will create highly effective social engineering lures to steer unsuspecting users toward malware and data theft.
- The US Elections will drive significant themed attacks. Attackers will use the attention given to political campaigns, platforms and candidates as an opportunity to tailor social engineering lures. Others will focus on hacktivism, targeting candidates and social media platforms.
About Raytheon|Websense: Raytheon Company (NYSE: RTN) and Vista Equity Partners completed a joint venture transaction creating a new company that combines Websense, a Vista Equity portfolio company, and Raytheon Cyber Products, a product line of Raytheon’s Intelligence, Information and Services business. The newly-formed commercial cybersecurity company will be known on an interim basis as Raytheon|Websense. The company expects to introduce a new brand identity upon completion of standard organisational integration activity.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.