Online security trends continue to evolve.
This year, online extortion will become more prevalent. We also expect that at least one consumer-grade IoT smart device failure will be lethal. Ransomware will make further inroads, since the majority go unreported. China will drive mobile malware growth to 20M, and cybercrime legislation will take a significant step towards becoming a truly global movement.
Here are five information security trends on track for the New Year:
ONLINE EXTORTION WILL BE MORE PREVALENT IN 2016.
In the past, cyber extortionists used ransomware to coerce victims into paying ransoms by playing upon their fears about viruses: locking their screens and requiring payment to regain access; using police trojans to threaten them with arrests for fabricated violations; or stealing data and holding it for a lucrative ransom.
Future cyber extortion will be personalized for an end user or enterprise. New social engineering lures will cause businesses to fall for elaborate tricks. There will also be a major increase in successful methods for persuading employees to transfer money into cybercriminal-controlled accounts.
THE INTERNET OF THINGS MAY HARM SOMEONE.
Public interest in connecting devices and appliances to the Internet will increase even though users are becoming increasingly aware of the security risks. Smart-connected home device shipments are projected to grow at a compound annual rate of 67 percent in the next five years, and are expected to hit almost 2 billion units shipped in 2019—faster than the growth of smartphones and tablet devices.
While there are no signs of a possibility of a large-scale hacking attack, the likelihood that a failure in consumer-grade smart devices will result to physical harm is greater, and a fatality is an eventuality.
CHINA WILL DRIVE MOBILE MALWARE GROWTH AND GLOBALLY, MOBILE PAYMENT METHODS WILL BE ATTACKED.
Unregulated third-party platforms and channels in China that offer free app downloads (75 percent of which contain malware) will continue to affect users in China. While Google Play (which has less than 1 percent harmful apps) is available in China, it reaches only 21 million of the estimated 800 million Chinese mobile users.
This environment will create exponential growth of mobile malware at an unprecedented rate that’s projected to reach 20 million by the end of 2016.
Despite the slow adoption rate of Google Play in China, the introduction of next generation mobile payment systems will inspire cybercriminals to steal information from new payment processing technologies like EMV credit cards, contactless RFID credit cards, and mobile wallets like Apple Pay and Google Wallet.
In 2016, the improved security brought by these modes of payment will be challenged by cybercriminals.
DATA PROTECTION OFFICERS ARE A NECESSITY, BUT LESS THAN 50% OF ORGANIZATIONS WILL HAVE THEM BY THE END OF 2016.
The EU Data Protection directive will require a high standard of data protection, and the role of the DPO will be vital in ensuring data integrity and compliance with the regulations of countries where company data storage occurs.
DPOs will begin to make use of threat intelligence and state-of-the-art security solutions that will enable them to move out of a passive “defense” mode into an active “attack” mode.
CYBERCRIME LEGISLATION WILL EMBRACE GLOBALIZATION.
Governments and authorities will become more responsive to cyber offenses, as evidenced by the continued arrests and sentencing of various cybercriminals.
Last year, law enforcement agencies took down the hacking forum Darkode, the SIMDA botnet and multiple servers of the online credential-stealing DRIDEX botnet. We will also see enhanced international cooperation, as spearheaded by major regions like the US and Europe, in their recent data-sharing agreement on investigations.
The Internet has operated with very lax regulations for years. 2016 will see a significant shift in the mindset of governments and regulators to take on a more active role in protecting the Internet and safeguarding its users. Cybercrime laws will be in discussion, and changes to outdated cybersecurity standards will be made to bolster an improved stance on security.