My 2016 Cyber Security Predictions

2016 is already here and we have it all in front of us. What should we be expecting? In my crystal ball I believe that 2016 will be as turbulent and perhaps as controversial as 2015.

Let’s look at this from a macro view: the Russian economy and those of north Asia, such as Korea, are clearly worsening, while at the same time we have a global shortage of Cyber Security staff and, for most of the western world, also a slowing economy. This leaves us with certainty that there will be greater challenge and increased risk during 2016.

Where will these new risks manifest?

Financial Services Integrity Attacks

An Integrity attack is a specific attack where financial transactions are modified to debit my account and credit the hacker. This usually occurs with the assistance of an ‘insider’. Combating this requires clear visibility of changes to data and of the people, process & technology that manage this capability.

However, there is another dimension, and this one is actually more frightening. This is the threat of ransom, where a hacker has made changes to regulatory reporting data or ‘material’ financial reporting systems.

Both instances create significant business integrity risk.

Smart but not Secure Things

We are seeing more things that are being attached to networks, or at least interacting with the network. No longer does the Network Manager have the full ability to really control at a granular level who accesses the environment.

There are wireless connected printers, speakers, sensors etc. Today I saw what was called a Smart Suitcase that allowed you to personally track the luggage. This particular suitcase even had what was called an electronic lock. I noted, however, that there was no mention of ‘security’ measures.

For hackers, these new Smart devices provide new attack vectors that are usually not hardened, and thus make it easier to initiate a breach.

Attack Remote and Contracted Workforce

There is a megatrend for enterprises to reduce cost and transform their organisation by switching to Digital. This often results in fewer staff and more contractors with remote access. These end point devices are often BYOD and not locked-down corporate computers.

In a similar vein, every enterprise is embracing the use of 3rd party developers, cloud hosting, supply chain partners and other partners.

Thus, I expect hackers to target these remote contractors, employees and partners in 2016.

Cyber Security Startups

There will be more investment attracted to this space despite what others are saying on this topic. The increased focus on digital means that cyber security has a greater strategic importance for enterprises wanting to win.

Taking another view on this topic, there is also a greater focus on cyber warfare between nation states. Unfortunately, like the traditional economics tradeoff of ‘guns vs butter’, this will morph into ‘guns + cyber security vs butter’.

Startups and the larger players will equally benefit from this.

2016 will be a massive year for new cyber startups.

Social Payments Innovation

There is mobile payments innovation evident all around the world, from the USA to China. We are seeing people now paying using Facebook, Twitter, WeChat and just about any of your suite of social media tools.

Both individuals and enterprises will experience clever social engineering attacks. This has to be expected as we see payments being made in these new domains. I would expect 2016 to see a major payments security issue that emanates from such social media channels.

Collaborate and share more intel

One positive to counterbalance these new risks is greater collaboration and sharing between parties. It is becoming increasingly recognised that sharing intel is a ‘necessary’ and required ‘evil’. A recent example is the US Congress bill, which was specifically designed to increase the sharing of security threat information between the US government and domestic companies.

The intended outcome is to protect the personal data of US citizens. Perhaps there is a price to pay around personal privacy to achieve this objective.

Wordcount = 666

Sorry, but I couldn’t help but notice this number at the base of my page. So I had to end on a more auspicious note.

2016 is the Year of the Monkey in the Chinese calendar.

Let’s be smart and clever little monkeys in 2016.

