Every year, it seems, the threats posed by cybercriminals evolve into new and more dangerous forms while security organizations struggle to keep up.
As 2015 draws to a close, we can expect the size, severity and complexity of cyber threats to continue increasing in 2016, says Steve Durbin, managing director of the Information Security Forum (ISF), a nonprofit association that assesses security and risk management issues on behalf of its members.
"For me, 2016 is probably the year of cyber risk," Durbin says. "I say that because increasingly I think we are seeing a raised level of awareness about the fact that operating in cyber brings about its own peculiarities."
Durbin says the ISF sees five security trends that will dominate 2016.
2016 security trends
- The unintended consequences of state intervention
- Big data will lead to big problems
- Mobile applications and the IoT
- Cybercrime causes the perfect threat storm
- Skills gap becomes an abyss for information security
"As we move into 2016, attacks will continue to become more innovative and sophisticated," Durbin says. "Unfortunately, while organizations are developing new security mechanisms, cybercriminals are cultivating new techniques to evade them. In the drive to become more cyber resilient, organizations need to extend their risk management focus from pure information confidentiality, integrity and availability to include risks such as those to reputation and customer channels, and recognize the unintended consequences from activity in cyberspace. By preparing for the unknown, organizations will have the flexibility to withstand unexpected, high impact security events."
Durbin says the threats identified by the ISF are not mutually exclusive. They can combine to create even greater threat profiles. He adds that we should expect new threats to emerge over the course of the next year.
1. The unintended consequences of state intervention
Conflicting official involvement in cyberspace in 2016 will create the threat of collateral damage and have unforeseen implications and consequences for all organizations that rely on it, Durbin says, noting that varying regulation and legislation will restrict activities whether or not an organization is the intended target. He warns that even organizations not implicated in wrongdoing will suffer collateral damage as authorities police their corner of the Internet.
"We've seen the European Court of Justice kicking out Safe Harbor," Durbin says. "We're seeing increasing calls for backdoors from governments, while certain technology vendors are saying, 'Good luck, because we encrypt everything end-to-end and we have no knowledge of what this data is.' In a world where terrorism is becoming more the norm, there is a cyber-physical link here. How do we legislate in the face of that?"