As awareness of these scams increases, the attackers and their malware are likely to evolve and use more sophisticated techniques to evade detection and prevent removal. The "ransom letter" will likely also evolve and the attackers will use different hooks to defraud innocent users.
4. Cyber Attacks and Data Breaches Will Drive the Need for Cyber Insurance
When we look at the rapid adoption of cyber insurance, there are two key factors that attribute to this growth: new regulations which obligate companies to respond to information breaches; and the increase of cyber criminals using stolen information for payment fraud, identity theft, and other crimes.
Cyber attacks and data breaches cause reputational harm and business interruptions, but most of all-they are expensive. Relying on IT defenses alone can create a false sense of security; however, no organization is immune from risk. In 2016 many companies will turn to cyber insurance as another layer of protection, particularly as cyber attacks start mirroring physical world attacks.
Cyber insurance offers organizations protection to limit their risk, but companies should consider all coverage options carefully. It's not about checking off a box; it's about finding a policy that protects an organization's brand, reputation, and operations if faced with a breach.
Cyber insurance is evolving as fast as technology. What is considered core coverage today was not available as little as three years ago, and enhancements to coverage will continue to be negotiated in the marketplace every day as data breaches and cyber risks evolve.
5. Risk of Serious Attacks to Critical Infrastructure Will Increase
We have already seen attacks on infrastructure and in 2016 we can expect this to continue to increase. Motivations for critical infrastructure attacks are both political and criminal, with nations and political organizations operating cyber-warfare campaigns, and criminals attacking for profit or ransom. The industrial IoT is becoming more connected due to requirements and demand for reporting and improved functionality through connectivity with additional services. These changes introduce bigger attack surfaces into the more traditionally hard to secure environments.
6. The Need for Encryption Escalates
Encrypt everywhere is quickly becoming the mantra of the technology industry. With so much communication and interaction between people and systems happening over insecure and vulnerable networks like the Internet, strong encryption for this data in transit has been well recognized for some time and it is generally implemented.
Unfortunately many new devices and applications have had poor implementations, leading to vulnerabilities that allow focused attackers to gain access to communications. For example, the mobile device has become center of most peoples' lives for communications, data storage and general technology interaction. This presents a high value target for cybercriminals, who are looking to exploit this. Mobile OS makers continue to make improvements to the encryption of their products to fill in the gaps from the application and service makers. While this trend of encrypting more is good for protecting user data from cybercriminals, it has also raised the ire of governments who believe this be a hurdle for law enforcement. It seems that the crypto-wars of the 90's may be repeated in the next two years.
Sign up for CIO Asia eNewsletters.