Christos K. Dimitriadis is international president of ISACA, which established the Cybersecurity Nexus as a resource for cybersecurity professionals and organizations. He is also group director of information security for INTRALOT.
Armed with industry insights and research studies -- coupled with the burning issues my team and I encounter on a daily basis -- I’ve determined the top 5 cyber risk trends for the coming year that I believe chief security officers and chief information officers should have on their radar.
One overarching theme touching all five predictions is the massive shift to mobile and cloud computing, which means businesses and consumers alike will encounter some surprising additions to the cyber risk landscape in 2016.
Of course, there is no question cyberattacks are on the rise. But what is changing dramatically are the types of attacks and the targets bold fraudsters are focusing on. The trends of 2016, more than ever before, make it imperative that enterprise IT and information security organizations have the knowledge, skills and resources to manage these new threats.
Five cybersecurity trends reaching critical mass in 2016 are:
1. Cyber-extortion Will Hit Wearables, Medical Devices and Gaming Systems
The colossal increase in B2B use of the Internet of Things -- expected to quadruple by 2020 to 5.4 billion connected devices -- think wearables, medical devices, clinical systems, gaming systems, and smart home devices, will be increasingly vulnerable to security risks. Three-quarters of IT professionals believe there is a medium to high likelihood of their organization being hacked via an IoT device, according to the 2015 IT Risk/Reward Barometer.
IoT devices are very attractive targets for cyber criminals, particularly for those attempting ransomware, which involves malware that denies victims access to their computer and data until the hacker is paid. Ransomware will continue its upward trend in 2016.
2. Hackers Will Increasingly Target Cloud Providers, Not just Businesses
With more data moving outside organizations to hybrid and public clouds, I expect we’ll see more cybercriminals attempting to access that data. In a recent ISACA survey, three-fourths of IT leaders expressed concern about the security of consumer-grade cloud storage.
3. Millennials Will Take a Closer Look at Privacy
Many recent research reports are echoing a common theme: Despite what many think, millennials are beginning to value privacy more. Countless high-visibility hacks in 2015 exposed the personal data of millions, and the IoT devices loved by millennials are particularly vulnerable. This will prompt millennials to be more proactive about ensuring their private data stays private.
4. Mobile Malware and Malvertising Will Cause Mayhem
As more services and advertising move from desktop to mobile devices, 2016 will see a dramatic increase in malvertising, which is the practice of injecting malicious advertisements into legitimate online advertising networks.
Malvertising and other mobile breaches have prompted the vast majority of cyber experts (87 percent, according to one study) to predict mobile payment data breaches will increase in 2016. I wholeheartedly agree.
5. Cybersecurity Will be “It” Job of IT
One of the greatest threats to national and economic security is the global cybersecurity skills shortage, which experts believe will continue to stifle CSOs and CIOs in 2016.
A majority of the global cybersecurity pros surveyed by ISACA’s Cybersecurity Nexus and RSA Conference reported that less than 25 percent of cybersecurity job applicants were qualified. It’s an issue I see on a regular basis. Not surprisingly, this has made cybersecurity a lucrative career option. U.S. News & World Report named cybersecurity eighth on the 100 Best Jobs list.
Enterprises are justifiably concerned about these cyber risks, because all too often cyber IT teams are not prepared for these new forms of attack (this is especially a concern with the significant talent shortages we’re facing globally, with many organizations having open cyber positions for far too long).
While phishing and malware remain problematic and need attention, IT leaders also must quickly address threats tied to IoT, mobile devices, the cloud and other fast-growing technologies.