Cyber-Security

How to defend your company against the worst hackers? What the New Year has to offer.

When it comes to seeing in a crystal ball in the world of technology, the golden rule is not to do it, since they end up looking like a blind man in the 12 month time.

This time, however, the sad truth of the matter is that the prediction of possible IT security threats for next year is really not that difficult: “more of the same criminals” almost sums it up.

But as long as exploit kits, DDoS attacks, and ransomware exist, everything will continue marching in the company and doing damage, and these threats also evolve to be more dangerous.

Here are five IT cybersecurity predictions to reflect on what is rescued from your end of the year party.

Table of Contents
Evolution not revolution
Harder, stronger, deeper, longer
Weapons with Android
Internet of Things insecure
Lack of capabilities
Evolution not revolution
Criminals, whether of the cyber variety or any other, tend to adhere to what they know. However, the good guys are always raising the stakes, so it makes the job harder for the bad guys, forcing criminals to modify and improve their attacks.

Both tactics and technology are constantly being adjusted to make it harder to detect what is happening, and therefore make these attacks harder to stop.

What does not move, of course, are the rules of the game: the bad guys continue to be after obtaining their data. This means that you should focus on what is not only as hard as possible for access but also useless to a thief if they manage to take over the barricades (yes, we are talking about encryption here).

But what about the revolutionary changes, surely there must be some threats that fall outside the “slightly adjusted” norm, surely there must be some things that will not be evident on the radar?

I am not convinced that it is really true, at least not in the sense of being able to predict what they will be. Revolutions do not tend to be announced in advance, after all. What we can do, however, is to guess the possible movements that will have an impact on the company, and I suggest that you keep an eye open for them.

Harder, stronger, deeper, longer
One of the changes is that criminals adopt a concentrated approach instead of a dispersed approach, so the data obtained by an attack may prove useless.

It is likely that bad boys will depend less on attacks in broad strokes by targeting these large companies, and instead of going deeper and narrower, they will go increasingly sophisticated and spend more time and money to break up defenses.

We have already seen such incidents such as TalkTalk data breach and OPM hacking in 2015 – they expect more in the New Year.

Weapons with Android
The armament of Android attacks could finally become a reality in 2016. We have already seen the warning shots being fired through the arcs of the mobile panorama: Stagefright, a very close bug.

Android has been pointed out for two reasons: market size and fragmentation. It has the largest number of mobile users by a huge margin, and the operating system is fragmented through phones and versions. So is not only the opportunity to make huge profits for the bad guy but also the ability to deploy security protection against newly discovered vulnerabilities.

Internet of Things insecure
Although it is not so new, it is proving to be a revolutionary element of the technology sector, although in a somewhat relaxed and slow way. Yes, I am talking about the Internet of Things (IoT), which cannot have escaped your attention, and certainly, the criminal fraternity has not passed. The bottom line is that your data is valuable, so you need to understand where it is going, and protect it both on the road and in the destination.

That without demonstrating how easy it could be to aspire when it comes to a large number of connected widgets of low power and minimally endowed with resources. The exceptions are probably smartwatches if adoption continues in an upward curve in 2016 (start thinking about how to protect our devices). These contain a good amount of energy in the wrist and can contain (or have access to) a large amount of data.

Lack of capabilities
Perhaps the biggest threat that organizations faced in 2016 is the growing skill gap between those who would steal our data and those who can protect it. Security budgets are not bottomless wells, and there is often not enough money to allow security IT teams to keep up to date with all the news within the possible threats and maintain the daily routine that the job requires.

Criminal companies and state-sponsored actors have the money to hire the specialized skill sets required for a particular attack, and they have the luxury of knowing exactly what they are going to do.

IT security teams, meanwhile, have to try to defend themselves from everything, and that will be doomed to failure.