Posted February 29, 2016
Today’s blog summarizes findings from our new 2016 information security white paper, in which we discuss trends we saw in cybersecurity throughout 2015, as well as our outlook for 2016.
2015 was a landmark year for information security. We saw new and sophisticated malvertising campaigns, a shift in hacktivists’ tactics, an increased emphasis on vendor/third-party security practices, and companies combatting employee negligence with security awareness training. All of these issues raise the question: what could possibly be in store for 2016?
Small businesses will be under attack
For years, threat actors have targeted larger corporations for their placement and access to Personally Identifiable Information (PII). In 2016, however, as larger corporations strengthen their security measures and heighten their awareness, we see threat actors shifting their focus from large businesses to small and medium-sized businesses (SMBs). This, coupled with SMBs’ lower security barriers, their role as third-party vendors, and the proliferation of open source network stress testing and denial-of-service (DoS) attack applications, makes SMBs bigger targets.
Rise in compromised internal communication systems
Internal chat systems have become a staple in many companies. They cut down on emails, minimize noise in the workspace, facilitate collaboration on projects, and allow a more immediate connection with coworkers than email provides. As software-as-a-service (SaaS) becomes increasingly common in business environments, employees will find themselves using different chat programs than in previous years, opening the door for new vulnerabilities and attacks. Not only will these new solutions burden IT teams with the vulnerability patches and upgrades needed to maintain them, they will also likely be the source of new leaks in 2016 as malicious actors continue to exploit unmitigated threats in existing infrastructure and leapfrog into new productivity suites to search for data.
Evolving threat landscape will be a barrier to the cyber insurance market
Security researchers estimate that the cyber insurance market will triple in size to $7.5 billion in annual premiums by 2020. Others predict that the cyber insurance market could grow to $20 billion by 2025. While the concept of cyber insurance is nothing new, the volatility of a constantly evolving threat landscape will affect the widespread adoption of cyber insurance policies, specifically by large businesses.
Social engineering attacks to play a larger role in security breaches
Social engineering – the practice of using non-technical methods to trick people into doing something they would not normally do – is not a new attack method. For years, threat actors have been researching their target victims by analyzing their social media profiles and Internet footprint and then forming relationships with them.
In 2016, we will likely see social engineering evolving in the following ways:
- More compromises of corporate networks
- Increased use of pretexting by all threat actors, especially hacktivists
- A greater role in hacktivist activity
Download our white paper, “Information Security Threat Landscape: Recent Trends and 2016 Outlook,” for a more in-depth discussion on these topics.