New Year’s Cyber Security Predictions
2015 brought some of the most aggressive cyberattacks and security breaches in history. From Anthem, to JPMorgan Chase, to the CIA director’s emails, nothing was sacred. An early 2015 Lloyd’s report estimated that companies lose $400 billion annually from cybercrimes, and premiums for cybercrimes had become one of the hottest forms of insurance.
The key takeaway from 2015 is that hackers, criminals and those lurking in the dark web marketplace are getting faster, smarter and more brazen about attacks. Law enforcement is evolving approaches to catch these thieves, but with limited resources it is more important than ever that companies take greater responsibility for updating outdated security infrastructures, and better protect themselves.
Therefore, it’s time to take action, share information and update approaches to prepare for what’s inevitably coming.
Unfortunately, attacks will intensify in 2016. We’re already seeing signs of aggressive strategies assailants will take. I believe the following cyber threats are the most likely to increase in the coming year:
The dark web is quickly becoming a virtual flea market for nefarious sorts looking to deploy cybercrimes. Through these sites, those intending to do harm to a corporate network, gain sensitive information, or conduct corporate espionage connect with like-minded individuals with the technology and know-how to deploy sophisticated cyberattacks. Individual pay-for–play hackers, through phishing attacks and other methods, acquire credentials, which they then either use themselves or sell to others in the cybercrime supply chain, to gain access, and move laterally within VLANs. This trend is growing at an alarming rate, and shows no sign of abating given the continued success rate of cyber criminals.
The most recent example of how nation-state threats are growing is the United States OPM Breach. Gone are the days of spies and clandestine operations: now we are dealing with cyber espionage, which is much more difficult to prove and track. Countries will say, for the record, that they are innocent of cyber espionage, but given the evidence, we know this activity is ramping up.
Data Aggregation – for Downstream Crimes
Criminal organizations will continue to target and correlate data on individuals from unrelated breaches to get a full picture of their identity. These more comprehensive dossiers, sometimes called “fullz”, can then be used for downstream crimes, such as filing false tax returns, applying for new credit, and broader wholesale identity theft. This data (such as social security numbers, addresses, etc.) resides everywhere—including healthcare organizations and financial services firms—but it is particularly concentrated in accounting firms and government databases. While the Federal Government will take steps to further secure their systems, look for an uptick in breaches of municipal databases in 2016.
As we move forward into 2016, and security weighs heavily on the minds of most business executives, it’s time to think about New Year’s resolutions to address these predictions. We believe that organizations need to rethink their security, and take a Zero Trust approach, which truly enforces the Principle of Least Privilege, consistently at both the application and network level.
Read about Cryptzone’s approach to a zero trust, software-defined perimeter access security by downloading our white paper titled, After the Perimeter: How a ‘Segment of One’ Simplifies and Improves Security. It’s not about completely replacing, but rather enhancing and adding needed layers, and proactive approaches to address the changing threat landscape.