Top 10 security forecasts
Security vendor LogRhythm announces its security predictions for 2016.
According to Roland Messmer, Director Central and Eastern Europe of LogRhythmThis year, the following ten topics are increasingly in the spotlight:
Smart Home: More and more sensors, cameras and recording devices that can be controlled via mobile devices are being used in privately used apartments and houses. As a result, these, along with smart home technology, are coming under increased scrutiny from hackers whose goal is to steal data or simply cause havoc.
Digital pickpockets: With their payment options and ID credentials, digital wallets tied to mobile devices are not only convenient for users, but also the gateway from marketing and sales for businesses. As a result, illegitimate access to mobile devices is increasingly becoming the target of pecuniarily motivated cybercriminals.
Protective value: Instead of "simply protecting everything in the network" and establishing more or less effective individual solutions, IT departments will remember to act as a unit and see the protection of critical resources as a central task. A defense-in-depth security strategy focuses on the most critical digital components of the enterprise.
Identity & Access Management: Enterprises will invest more money and R&D resources in behavioral modeling, analytics, and identity access management to track behaviors. Corresponding customer demand will reinforce this industry trend.
Educational Institutions: Schools, universities and other educational institutions have extensive databases that are of interest to cybercriminals: personal information, data on payment histories and donations, fee lists. However, most educational institutions neglect to secure their IT systems. This makes information about and from professors, students, parents and administrators increasingly popular targets for attack.
Hacking for the good cause: More and more groups - see Anonymous - want to leave the dark side and put their hacking activities at the service of the general public. Increasing awareness and praise on social media channels is a stronger incentive than financial gain. Young talent is also being catered for, as schools are increasingly teaching in the areas of technology and programming that are considered 'cool'.
Renaissance of Security: Security is a hot potato. The fact alone that a place is now often reserved in the boardroom for the Chief Information Security Officer shows how important this area is considered to be across all industries. However, many companies still do not have adequate protection for their IT infrastructure, and there is a lack of security awareness or training to implement effective self-protection conclusively. It will be interesting to see how companies that refuse to make an end-to-end security commitment will cope with the ever stricter legal requirements.
Critical Infrastructures: The number of critical infrastructures will increase significantly in numerous industries such as energy supply, financial services and healthcare. In order to realize their effective protection, there is a great willingness among CISAs (Certified Information Systems Auditors) to openly share the relevant information on protection, security and threats. But whether it comes down to "security by obscurity" or "full disclosure" is also a political decision. So a lot will happen - or nothing at all.
Ransomware: Ransomware attacks are usually extremely dynamic in nature and are now also targeting Mac systems and mobile devices. Since end users have little choice but to pay to regain access to their systems, cybercriminals smell a good deal. Presumably, the operators of this form of attack will now also focus on companies as victims.
Security Vendors: Despite the continuously published news about data thefts, many companies still do not have an adequate security infrastructure for their protection against cybercriminals. However, it is not up to private users to learn how to secure their systems at home. Ultimately, it is the responsibility of security vendors to develop better software, systems, and patch mechanisms, as well as provide training and services to better protect people's and businesses' digital assets and help raise awareness of security issues.