2014 was infamously dubbed the ‘year of the data breach’ suggesting a year to end all years of data security, only to find that 2015 held, even more, surprises than the year before. This worrying continuation of data security threats has got many in the IT industry worried about 2016. The war against Cybercrime has engulfed companies who are vulnerable to ever growing, sophisticated hacks whilst customer data continues to grow in value. We wanted to find out how the technology industry plans to evolve in 2016.
Increasing DDoS Attacks
The biggest data breach of last year undoubtedly came from UK telecoms provider Talk Talk. The attack is thought to have cost the company £35 million. It was Talk Talks lack of DDoS protection which threw up a number of ‘red flags’ among the investigation into the crime. DDoS attacks have grown into a major threat as companies have the threat of several different attacks happening at once or in rapid succession.
DDoS has evolved into a top-level threat and we expect the Internet Service Providers to respond to this in 2016 with a greater legacy approach to DDoS migration and implementation of more sophisticated and granular protection in the internet age. Legacy scrubbing centre operations and blackholing victims IP’s will be looked upon when responding to DDoS attacks. These will be the go-to tactic in 2016.
Attacks such as the Metro Bank Twitter phishing attacks could also be an indication as to how security and attacks will evolve in 2016. Applications are considered to be at their most vulnerable due to their relatively new existence. This leaves mobile apps exposed to phishing scams. Technology learns to protect itself the hard way; through failures in learns where its vulnerabilities are. Take the internet, for example, its existence is near on 15 years old. This kind of experience has helped it develop into a highly sophisticated state which still from time to time becomes exposed. We, unfortunately, cannot say the same thing about mobile apps who don’t have the experience of past failures to protect its users.
Threats can be blocked more effectively in the periphery, however in 2016 IT companies and businesses are realising the extent to which internal threats are now an issue. These are also potentially the most damaging threats as they exploit access in ways which are difficult to predict. As networks and devices grow and become intertwined, the risk level reaches higher levels. Humans are potentially the weakest link in the system, but they are also you biggest protectors. By teaching your staff and education them to migrate these risks your employees can be your biggest asset against inside security threats.
The most successful companies in 2016 are looking at immune system technologies that aim to look out for abnormalities and alert security teams in time. Rather than localising the problem at an IT level, security threats will become a corporate issue.
Overall the evolution of security relies on the evolution of the criminals and the risks. Where they strike, the security usually follows in a ‘learning from mistakes’ scenario. Companies are better able to anticipate problems or at least predict abnormalities. This kind of prevention is the best solution to a difficult problem going forward in 2016.