By the end of the year and in anticipation of 2016, Symantec Corp.'s experts are giving their own predictions about the threats that are likely to threaten cyber-security.
Safety from design
Το IoT (Internet of Things), χωρίς ενσωματωμένη ασφάλεια από κατασκευής του, θα εξακολουθήσει να είναι ευάλωτο, καθιστώντας το έτσι σε IoV (Internet of Vulnerabilities).
Consumers
Malicious intruders take advantage of the opportunities that arise for attacks against IoT devices with connected and networked devices increasing continuously. Of course, the number of applications is still relatively small and so large-scale attacks on consumers in this sector are not expected. However, occasional smaller outbreaks will occur and those who adopt the first applications should be careful. We expect ad-clicking and ransomware attacks to be among the first types of attacks on the real impact of cyber crime on IoT devices.
Attacks on connected medical devices or cars run a real security threat, and this may mean that regulations and conditions have to be defined. Certificates as well as code signing will play a very important role in safeguarding IoT devices but as we move forward, security should be embedded in the design stage of IoT devices.
Industry
In the connected industry, a huge increase in productivity is predicted, but also a large volume of attacks, which means that many companies will need to be properly shielded. The interruption of production procedureς που οφείλεται σε εξωτερικές επιθέσεις ή αποτυχίες θα αποτελέσουν σίγουρα μία πρόκληση για τις επιχειρήσεις για την υιοθέτηση και ανάπτυξη του Industry 4.0, αλλά θα υπάρξει μια αρκετά δύσκολη πορεία προς τη συνδεσιμότητα. Οι στρατηγικές προστασίας των δεδομένων και οι απειλές τηλεμετρίας θα πρέπει να εξελιχθούν. Πιστεύουμε ότι οι CISOs, βάση σε κάθε επιχείρηση, θα κάνουν μια συνολική προσέγγιση της ασφάλειας των υποδομών information technologys them by establishing special levels of protection. Incorporating the principle of safety from even the design of devices to how they produce new technologies will be crucial in the coming years. Whether we are referring to the design of smart cities, infrastructure or the various robots that will take on an ever greater role in everyday life, they must be ensured both in their planning, upgrading and identification. The environment in which these new technologies evolve must have these principles at their core to ensure security and avoid threats at later stages.
Privacy and data protection
"Is it safe?": Consumer's doubt about wearables
The battle over privacy is dominated by apathy and ease in recent years, and the security industry is often asked: How much we are willing to abandon this security for an easy life? As many wearable devices are increasingly adopted by the general public, more and more data is collected and there is growing competition in systems and devices. Customers, businesses and governments will start to raise legitimate questions like: Where exactly my data goes? For what purposes are they used? Is it safe?
Symantec Covering our backs: insurance, liability and terms
Cyber-insurance: Ensuring good behavior
With the high volume of breaches that occurred in 2015, cyber insurance appears to be an inevitable solution for both businesses and individuals. The prefix "cyber" and the clauses in "cyberspace" will become commonplace for all of us and it is likely that more responsibility will be placed on consumers and businesses to adopt safe practices or reports in risks from insurers. For businesses, this means processes, staff training and education. For consumers, it means more control over the data they share.
Privacy laws will go one step further
The upcoming European Data Protection Directive will clarify the landscape in terms of data governance in the European Union. Organizations must comply with the new requirements concerning the processing of personal data and introduce stricter compliance rules. This is challenging even for the most up-to-date and has raised concerns about the complexity surrounding the new information management processes and the increase in costs. However, all this is necessary for people to realize the real potential of the Internet and new technologies. This will provide priorities and appropriate safeguards to ensure the protection of personal data.
Symantec The evolution in the landscape of threats
Blurred lines between nationstate and lonewolf attacks
The level of complexity previously associated with state sponsorship attacks will be strongly seen in lonewolf attacks. The number of hacking teams conducting state-of-the-art targeted attacks will blur the dividing line between cybercrime and targeted attacks. We will see more and more conflicts in the "real world" playing the role of cyber crime, with new, political motives and new emerging players.
Attacks on demand
Targeted attacks on governments and businesses will become even more targeted, due to the increasing professionalism of hacking teams. To avoid being detected and having security control, attacks will now be designed according to the purpose they want to perform. Each victim will have a unique C&C server, new malware and various attackers. This will make it even more difficult to detect attacks with simple IoC indicators - Indicators of Compromise as advanced methods of correlation between industries and countries will be required.
"Hacking teams will constantly improve by covering their tracks and distracting attention from their goals. They will better implement operational safety on backend infrastructure by making takedowns and identifying stolen data and performance even more difficult. To prevent early detection, encrypted SSL communications and common cybercriminal Trojans will be developed to match massive cyber attacks. " (Candid Wueest, Symantec Threat Researcher)
"This will trigger increased transparency and collaboration in SecurityAnalytics. It will definitely take a while before all of this is done, but 2016 is expecting an increase in the distribution of anonymous security telemetry. As a result, it is likely that some interesting new partnerships will emerge during this period. "
(Darren Thomson, CTO and VP of Technology, EMEA)
Rise of digital ransom
"The scams Ransomware will continue to grow in popularity as they are profitable, relatively simple, and provide vengeful entertainment for those who pursue attacks for fun rather than financial gain. Crypto ransomware will increase, holding the data as ransom. However, we will also see growth in cases where an attacker threatens public disclosure. These cases will be similar to the newer strains of Chimera ransomware or the cases following the Ashley Madison breach. For businesses, we expect blackmail to play a larger role in breaches." (Candid Wueest, Threat Researcher)
Crack on mobile security
The number of new forms of Android malware is likely to remain high or even higher. With more and more features such as identity authentication, business applications, payments, and other features, smart mobile devices and mobile devices in general appear to be one of the primary targets for attackers. It is likely that we will see tighter controls in the application market, while several companies will focus on making it more difficult to compromise system operations.
Violations break identity
Due to the huge volume of 2015 violations, organizations may see the login / password system we know to date is broken and will want to change this system. Two-factor authentication (2FA), especially the one that requires not only something the real owner knows, for example, a password, but also something that only their mobile phone has, for example, will become a common phenomenon. Biometric systems will also begin to evolve into more inclusive and mature solutions. We will also begin to hear about "ECG-based identification" and "vein matching" as we realize that fingerprints are fairly easy to copy.
Looking at security 2016 onwards
- Safety from design to robotics
Robots will undertake many daily tasks and tasks in the next 10 years. This should include ensuring from their design yet approach to ensure their programming, upgrading and identification, so that the environment in which their production evolves is as safe as possible and to avoid possible threats at later stages.
- 3D City Modeling
Real, "smart" cities are still far away, but the planning and planning of these future locations will go a long way in 2016. The first applications of technology in this field will be robust and customizable 3D models of future cities will allow designers and other stakeholders to experience future projects through virtual reality. This also requires a guarantee of a design approach.