5 biggest cybersecurity concerns facing CIOs, CISOs in 2016

Clint Boulton | Jan. 19, 2016
Carl Leonard, a principal security analyst for Raytheon's Websense cybersecurity software unit, offers insight into the most serious threats CIOs and CISOs are likely to grapple with this year

Last year began and ended with a series of high-profile cybersecurity attacks, starting with the pilfering of 80 million Social Security records at health insurer Anthem and culminating with infiltrations at the Starwood, Hilton and Hyatt hotel chains. Expect digital assaults on leading corporate brands -- ranging from standard malware to more sophisticated, clandestine entries -- to continue in 2016, according to Raytheon's Websense business. The cybersecurity software maker, which analyzed threat data from 22,000 customers in 155 countries, says hackers will conjure attacks that target emerging technologies, such as mobile payments and top-level domains.

Companies and consumers can also expect targeted attacks on aging Internet infrastructure, as well as on the Facebook, Twitter and Instagram accounts of presidential election candidates, says Carl Leonard, a Websense principal security analyst and author of the company’s 2016 predictions report. CIOs, scrambling to defend their corporate assets, will continue to invest in cyber insurance, though they will find it tough going as insurers conduct more scrupulous vetting of potential clients’ cybersecurity postures. Below are the five biggest concerns CIOs and CISOs need to focus on in the new year, according to Websense.

Carl Leonard, principal security analyst at Websense.

1. Hacks of mobile payments and other non-traditional payment systems. As smartphones continue to become the preferred source of authentication for many financial transactions, malware authors will increase their efforts to steal funds from consumers' Apple Pay, Google Wallet and other mobile payment systems.

CIOs, listen up: once attackers have learned to infiltrate consumers' mobile wallets, they may tap into your corporate networks via the work data and apps on those owners' phones. "Emails, contacts, authentication measures and apps that access the corporate network from the phone can become a phenomenal source of intellectual property, insider information and other confidential business materials become easily obtainable and can net an attacker sizable treasure," Leonard says.

2. From Heartbleed to heartache. Open source vulnerabilities, including Heartbleed, Shellshock and Poodle, struck fear into the hearts of Akamai and other companies in 2015. Expect more attacks on the creaky Internet infrastructure. Leonard notes that a significant number of the Alexa 1000 top websites are not up-to-date on certificates. "We observed certificate issues related to older hashing schemes such as SHA-1, as well as problems related to the version of ciphers supported. If some of the “big names” on the Internet are struggling to keep up, how can smaller vendors cope?"

Additional problems include old and broken JavaScript versions; end-of-life challenges for core software such as Windows XP; and new applications built on recycled code with old vulnerabilities. "It's very difficult for systems to be migrated because you risk losing functionality or introducing new bugs," he says.

 
