2. Cybercriminals will get even more aggressive with ransomware in their pursuit of high-profile financial targets
According to an Infosecurity Magazine article, financial services firms are hit by security incidents 300 times more frequently than businesses in other industries. In 2015, the Federal Financial Institutions Examination Council (FFIEC) warned that cyber-attacks against financial institutions to extort payment in return for the release of financial information and sensitive data are increasing.
Just recently a hospital in Hollywood was subject to a cyber attack that utilised ransomware with the attackers demanding a hefty payment in order to allow the hospital to restore the use of critical IT systems.
In the year ahead, these types of attacks will become more prevalent and aggressive, as motivated attackers find new ways to utilise ransomware to blackmail individuals and corporations. Not surprisingly, the attackers will follow the money, particularly targeting enterprise organisations that have the resources and are most likely able to pay the requested ransoms.
3. Lines between physical and cyber terrorism will blur
In 2015, devastating acts of terrorism impacted the global community. This year, we will increasingly see the convergence of physical and cyber terrorism aimed at wreaking far-reaching havoc. For example, as Reuters reported, a suspected attack on a Ukrainian power grid recently left parts of the country without energy. This attack represents one of the few publicly documented assaults on an industrial target.
Most recently, the Department of Homeland Security, the Federal Bureau of Investigation and the National Security Agency (NSA) jointly issued a report "Seven Steps to Effectively Defend Industrial Controls Systems," highlighting the increased frequency of attempted attacks against Industrial Control Systems (ICS). Further, demonstrating the potential growth of this market, Frost and Sullivan recently reported that the Asia-Pacific ICS security market earned revenues of $162.9 million in 2014 and is estimated to reach $1.18 billion in 2019.
Further, the setup of Security Operation Centres in every sector by Singapore's Cyber Security Agency (CSA) aims to raise awareness and build capabilities to safeguard critical infrastructure from cyber attacks.
Over the course of the year, we expect to see more headlines of greater coordination between these two types of attacks - physical and cyber - and more successful breaches that could negatively impact major health systems, financial markets and energy grids, among others.
Motivated cyber attackers will always look for new ways to exploit network weaknesses in order to attack enterprises and exploit sensitive data. With the rise of digitalisation and the Internet of Things, any connected device could be a potential target. By building greater awareness about these emerging threats, organisations will be better equipped to put in place proactive security programs to mitigate the risk of a devastating cyber attack. Reflecting traits symbolic of the monkey, in the coming year organisations will need to remain nimble and clever to outwit persistent attackers.
Sign up for CIO Asia eNewsletters.