By Christos Dimitriadis
2016 is here, and with it comes new cyber-risk trends. Just as in 2015, we will continue to see a rise in cyber-attacks. The significant difference from previous years, however, will be the types of attacks and the targets that cyber-criminals zero in on.
That distinction will be primarily due to a massive jump in the migration to mobile and cloud computing. It is simply a matter of the bad guys following the data and the security weak points. This trend underscores the importance of enterprise IT and business organizations having the knowledge, skills and resources to manage new threats.
According to global IT and cyber-security association ISACA, these are the top five cyber-risk trends of 2016:
1. Hackers will increasingly target cloud providers, not just businesses.
Because more data is shifting outside of organizations through the use of hybrid and public clouds, 2016 will see increasing attempts from cyber-criminals to gain direct access to that information. IT leaders are taking notice. In a recent Osterman Research survey, approximately 76 percent of the respondents expressed concern about consumer-grade cloud storage, including file sync and share solutions.
2. Mobile malware and malvertising will cause mayhem.
With more and more services and advertising moving from the desktop to mobile devices, this year will see a massive increase in the frequency of malvertising—the practice of injecting malicious advertisements into legitimate online advertising networks. These and other types of mobile breaches have prompted an overwhelming majority of cyber-experts (87 percent) to speculate that mobile payment data breaches will increase over the next 12 months.
3. Millennials will take a closer look at privacy.
Millennials have traditionally valued privacy less than other age groups, but recent surveys reveal a shift in that generation’s thinking. The change has been spurred by the large number of high-visibility hacks that have exposed the personal data of millions in 2015, as well as Millennials’ high use of non-traditional Internet of things (IoT) devices that are more abundant—and more vulnerable to security risks—than other devices. These factors will prompt many Millennials to be more proactive with app providers and other businesses to make sure that their private information stays private.
4. Cyber-extortion will hit wearables, medical devices and gaming systems.
B2B use of the IoT will more than quadruple by 2020, when the worldwide total of connected devices is expected to reach or exceed 26 billion. That means wearables, medical devices, clinical systems, gaming systems, smart home devices and others may be increasingly vulnerable to security risks. Nearly three-quarters of IT professionals believe the likelihood of an organization being hacked via an IoT device is medium or high, according to ISACA’s “IT Risk/Reward Barometer” study.
Specifically, IoT devices are a convenient target for fraudsters, especially those attempting ransomware (a type of malware that denies access to the victim’s computer and data until the hacker is paid). Since 2012, the number of victimized companies—most of them small businesses—agreeing to make ransomware payments has increased from 2.9 percent to 41 percent.
5. Cyber-security will be the “it” job of IT.
A significant threat to national and global economic security is the shortage of cyber-security experts—a gap that will continue to stifle CISOs and CIOs in 2016. More than half of the global cyber-security professionals surveyed by ISACA and the RSA Conference reported that fewer than a quarter of job applicants are qualified for the cyber-security positions they are seeking.
Not surprisingly, this challenge has also made cyber-security a lucrative career option and a hot job: It was named No. 8 on the “100 Best Jobs” list from U.S. News & World Report.
As it always has been, the cyber-crime landscape is constantly changing, which makes staying even with or ahead of the learning curve difficult. Phishing, spear-phishing and malware will continue to plague enterprises in 2016. IT leaders need to address these issues, as well as understand and meet new threats tied to IoT, mobile devices, apps, the cloud and other rapidly evolving technologies.
This is a source of worry for many CIOs and CISOs. Their cyber-security teams often are not prepared for these new attack modes, and their security controls are often inadequate, making them vulnerable to cyber-crime.
As your organization’s security team prepares for the year ahead, make it one of your resolutions to prepare for these cyber-security trends. A critical part of that preparation is to focus on the development of your security workforce. It is harder than ever to find skilled cyber-talent—so make sure you are developing and training a strong cyber-workforce at your organization.
Yes, the risks ahead are daunting. But, if you have the right skills on board and a strong cyber-security program in place, you are on track for a great year.
Christos Dimitriadis (Ph.D., CISA, CISM, CRISC) is the current international president of ISACA, an independent, nonprofit global association that promotes industry-leading knowledge and practices for information systems.