Five security predictions for 2016

Jon McLachan, Senior Security Engineer at Symphony Communications | Jan. 20, 2016
Jon McLachan of Symphony predicts that security incidents that happened last year will take place this year on a larger scale.

3. Big businesses will be compromised by insecure messaging systems, which will lead to infiltration, intellectual property theft, and worse. Forget BYOD - a bigger concern is BYOM, Bring Your Own Messaging. Despite corporate policies, employees will insist on using text messages, Facebook messages, Twitter direct messages, you-name-it, to collaborate with fellow workers and do important business with customers, suppliers and partners. Ad-hoc messaging is insecure, and doesn't adhere to record retention policies. What's more, if those systems are compromised (see #4 above), the consequences will be dire. In 2016, we will see at least one major messaging breach with HIPAA, SEC or national security implications. What's the fix? Better secure messaging platforms, and corporate policies that use both carrots and sticks to enforce their usage.

2. Platforms will be compromised by spyware in ways that consumers, or even carriers, can't detect or defend against. Think rootkits. Think spyware in applications baked into smartphone firmware. We saw those reports in 2015, affecting phones and notebook computers. Where is that malware coming from? In some cases, overzealous advertising networks, and in others, greedy hardware companies that loaded apps without due diligence. Some were caused by foreign actors - that is, governments and spy agencies. It's going to get ugly as more and more devices are found to be compromised with spyware, tracking software, keyloggers and worse. We think that at least one major IoT (Internet of Things) product will be compromised in this manner. What can consumers do about it? Not much.

1. Vendors will begin changing products and services to require strong protection by default. Security often makes products hard to use, and can result in early dissatisfaction, product returns and service cancellation. That's why many platforms come with encryption or security disabled, so that customers can begin using their new hardware, software or service immediately with ease. A bright spark in 2016 will be the realisation that we need security everywhere, and we need it immediately. Installers and configuration programs will begin to insist on the configuration of strong passwords, robust encryption and two-factor authentication before a product can be used or connected to a network. Strengthening security will be a slow, gradual process, and won't be talked about very much. We won't see headlines: Remember, vendors don't like to talk about security. They don't have to talk about it, though - as long as they start doing security right.

 
