Although New Year usually brings in joy, fun and hopes for the future, it also opens up the door for new security threats to challenge both the average technology users and businesses of all sizes. And 2016 is promising to be another “fun” year for cybercriminals, that's for sure!
As pointed out by Guillaume Lovet, Director of Product Security & Threat Response Manager of Fortinet: “In the years ahead cybersecurity will bump into three major challenges: threat escalation, unique character of intentional attacks and the IoT”. 2016 will be the year these three security challenges will take to central stage.
According to IDC estimates, only 30% of data in the IoT networks is going to have the appropriate level of cybersecurity by 2020. Corporate infrastructure growth and increase in complexity leads to the decrease in control and data usage causing industrial espionage, identity theft, and attacks on financial data.
Protecting the Cloud and Web-connected hardware against cyber attacks will become a truly critical focus for software development companies worldwide forcing them to modify security for different environments – whether it be mobile, local or Cloud, and make complex changes to underlying algorithms of any software product, lest a vulnerability be created.
Throughout 2015, cybersecurity has remained an afterthought, with many software developers focusing on application features and UI more than on embedding security designs into a project development specification. Such an attitude has already cost companies on average $50,000 to nearly $450,000 per a DDoS attack incident this year, and will cost businesses even more in 2016 unless software developers become more security savvy and take appropriate measures to protect their software against phishing, DDoS, viruses and other cyber threats.
To cut a long story short, here’s a list of top online security issues software developers should be aware of prior to launching any software development project.
Social media will provide the perfect opening for targeted cyber attacks
In 2016, we’ll most likely see an upswing in spear phishing that leverages personal data found on social media. With millions of personal and corporate accounts already being active across various social media platforms like Facebook or LinkedIn, oversharing sensitive information and resulting data breaches will become inevitable in 2016. So, a gap between poorly and well-managed social accounts will become larger in the coming year. The poorly managed accounts will continue ignoring cyber security threats and, thus, putting users at risk of personal data theft, while the well-managed accounts will have at least one security specialist at the backstage to help secure any social media communications and transactions. Also, a growing number of businesses is expected to develop internal cyber-hygiene programs to better train employees on safe usage of personal and corporate social media accounts.
Malware will be more often delivered from “trusted” servers that have been hacked and compromised
In addition, malware will become more intelligent and increasingly evade sandboxes in 2016. Classifying websites and apps and adding an SSL certificate will not be enough to protect them against cybercrimes next year. As such, a more proactive “blanket” approach will be needed by most of organizations to combat cyber attacks send from the trusted properties.
The use of Cryptowall 4.0 will explode and make ransomware crimes' wave surge across the corporate America
Ransomware and wiper attacks will be able to wreak havoc on any company in 2016, take critical IT systems offline and halt operations, delivery, and other KPIs. As more data is released daily, the large-scale cyber attacks will use stolen credentials from the previous data breaches to access new sensitive information. Stealing types of data that can’t expire or be reset (e.g., someone’s medical history) will give cybercriminals the luxury of time to build infrastructures able to monetize the stolen identities.
Mobile malware will first and foremost target finance, banking and healthcare
As claimed in Inc.com, Q3 2015 IT Threats Report by Kaspersky Lab finds that mobile banking Trojans have seen a four-fold increase over the previous quarters of 2015. Additionally, malware families that gain root access rights on user devices have increased significantly over 2015. It’s expected that next year cyber attacks will gain more control of user devices and make it very hard to remediate – even full factory reset may not be sufficient to eliminate the attack's damage. Going forward, these attacks will pose a serious risk for many financial institutions, online payment service providers and healthcare / insurance organizations that have by far been ignoring the necessity to build highly efficient cyber security programs.
To protect users from theft of their financial information used for making mobile payments, developers will be integrating both pre and post authorization tokens.
2016 will revolutionize the way firewalls are built, installed and configured
There’ll be a major shift as companies re-think security and finally give up attempts to build own security or move responsibility to vendors with stronger anti-fraud capabilities. Software defined networking (SDN) will become fully operational and deliver better security and performance in 2016. This will change the way firewalls function right now.
Consumer data and identity management will increasingly migrate to the Cloud
Software developers will embed reusable code and vetted services into their software in order to avoid building systems from scratch and increase the level of security, compared to the homegrown offerings. Those that prefer “build your own” approach will finally see relief in 2017 after container technologies have allowed development teams, both in-house and offshore, to integrate and manage microservices of their own.
Hackers will now have a wider array of connected devices to compromise
As mentioned above, the IoT will become a major target for cybercriminals in 2016, as the number of connected devices is expected to double next year and hackers will always be tempted to break in and enter information they generate and store. For instance, hackers can leverage the IoT devices to determine whether a person is at home or not or track a person’s real-time location. While corporate data breaches may decrease in intensity, as security design will be more embedded into the IoT application architectures, the identity fraud and spear phishing will flourish due to easy availability of private information stored by the consumer facing IoT devices.
When building IoT applications, software developers need to make sure their apps can survive any existing type of a cyber attack and back up their confidence with even more rigorous penetration testing.