As 2016 kicks off, leading cloud security company iSheriff has forecast the top five security threats that businesses will face in the next 12 months. While some of these trends started in 2015 and are expected to continue, others will bring newchallenges for security professionals.
- More POS device breaches. In 2016, we can expect more headlines about credit card information being stolen in bulk. The ongoing problems with lax security configuration, weak passwords and third party access vulnerabilities will be compounded by the rollout of EMV card terminals. Despite the increased security promised by EMV standards, hackers will find plenty of opportunities to exploit rushed deployments, customer and cashier confusion and aging POS systems, yet to be replaced.
- Devices that come and go off the network, coupled with the ongoing BYOD trend, will continue to confuse security managers whoknow it is imperative to secure all endpoints. But without the proper tools to do this effectively, administrators will be left to choose between over-restricting access and reducing user functionality. Companies must be diligent about creating and enforcing BYOD policies that include a verification capability, while engaging the whole organisation in secure BYOD campaigns can help promote a culture of responsibility and awareness.
- Companies of all sizes and types will have to deal with breaches and lost data. While breaches at major, global organisations will continue to make headlines, cyber criminals will look for the path of least resistance and pursue smaller businesses. As enterprise security programs improve, many bad actors will look for fresh opportunities to ambush unsuspecting SMEs.
- Ransomware will continue to evolve and become increasingly complicated. We continue to be shocked at the number of ransomware attacks where the victim actually pays the ransom. The FBI said it received 992 CryptoWall complaints from April 2014 to June 2015, representing total losses of $18 million in reported cases alone. Because criminals are finding this scheme lucrative, they will continue to work on producing virus variants that are harder to detect and decrypt.
- The trend towards cloud-based security services will enable a shift towards true integration. This shift will be of fundamental importance in delivering complete visibility across an organisation’s security position – something that simply isn’t possible with today’s fragmented approach. With CISOs continuing to demand best of breed solutions, a move towards open APIs and integration frameworks will enable this to be achieved without critical visibility compromises. Traditional security approaches are no longer sufficient; infrastructure complexity, the dissolution of the network perimeter, the mobile workforce, and interconnected supply chains create enormous new challenges.
“While cyber security has gained some long awaited traction and momentum in 2015, it is not yet time to celebrate a job well done. As quickly as new security mechanisms are being developed, cybercriminals are cultivating new techniques to bypass them,” said OscarMarquez, CTO at iSheriff. “It’s important for businesses of all sizes to take time to thoroughly assess their organisation’s ability to defend its data, networks, employees and customers. Every business should resolve to strengthen cyber security capabilities over the yearahead.”