
Five security predictions for 2016

Jon McLachan, Senior Security Engineer at Symphony Communications | Jan. 20, 2016
Jon McLachan of Symphony predicts that security incidents that happened last year will take place this year on a larger scale.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Hacks. Breaches. Theft of intellectual property. Man-in-the-middle attacks. Rogue cybercriminals and orchestrated efforts by foreign actors. Celebrities with weak passwords. Wholesale downloads of account usernames and passwords from poorly protected websites. Increasingly tricky social engineering. Secret backdoors built into IoT devices, network infrastructure and cloud services, or just plain old-fashioned code injection.

Those were some of the biggest security news headlines in 2015. Those same headlines will be among the biggest security news in 2016 - but on an even larger scale.

The challenge with making security predictions is that we can only talk about bad news, because that's the only news that makes it into the public sphere. Nobody talks about when encryption works to protect websites or safeguard personal information. Bloggers don't notice when a firewall stops an intrusion, or when transport layer security (TLS) is implemented correctly in open source software. Hospitals don't hold press conferences to declare that patient data remains HIPAA-compliant. School districts don't declare victory at parent-teacher conferences when their infrastructure throttles back DDoS attacks.

Threats live and work in the shadows, behind the scenes, off the record. Most of the time, security works, and we never hear about any of those successes, until security fails, that is, and the threats become palpable. With that in mind, here are five security predictions for 2016:

5. Backdoors in numerous products and services, like cloud applications, enterprise routers and embedded devices, will betray users and businesses. Backdoor passwords are always a threat, especially if the customer doesn't know about them and doesn't have the ability to turn them off. Sometimes backdoors are inserted surreptitiously by intelligence agencies; sometimes to allow for service access by a vendor; and sometimes snuck in by unscrupulous employees. The reason doesn't matter. During the year, we will learn about backdoors, and this will erode trust across the board. What's the solution? Clearly open source software allows for the possibility of detecting backdoors, but even there, you can't always be sure that the compiled binaries (or final product) use that code. This will be a big story in 2016.

4. Many so-called "hacks" will continue to be enabled by weak, easy-to-guess passwords. It doesn't take a lot of sophistication to launch a dictionary attack on a social media account, or even gain entry by typing the name of a celebrity's adorable bichon frise. Such attacks will allow for identity theft, espionage and intellectual property theft, the emptying of bank accounts, and all sorts of fraud. In 2016, we will learn about shocking attacks against government officials, military officers, business leaders, academics, politicians and more. Because so many people insist on reusing passwords (or variations on passwords), the consequences of weak passwords will be far-reaching. We need something better than passwords, but we won't see widespread adoption of fingerprints, retinal scans or two-factor authentication in 2016.

 
