Cyber security has become a game of cat and mouse. Security evolves and criminals adapt. Or is it the other way around? Either way, cyber threats pose a significant risk to businesses. And, according to the McAfee Labs 2016 Threats Predictions Report, businesses should be prepared for another year of cyber threats, some old and some new.
McAfee Labs predicts that cyber threats will expand and evolve in 2016, and beyond. The changing landscape is due in part to a billion more users by 2019, 2.6 billion more smartphone connections by 2020, and 35 more zettabytes by 2020. (A zettabyte — 1 followed by 21 zeros— is roughly equivalent to 36 million years of HD video.) With this in mind, McAfee Labs made a number of predictions about cyber threat in 2016, including:
Hardware: Hackers often use intimate knowledge of a manufacturer’s firmware and code to develop sophisticated and persistent malware. In 2016, the trend of hardware attacks will continue, so recognizing how system components below the operating system can be exploited will remain critical to defending against attacks.
Ransomware: Ransomware is a permanent denial-of-service attack that makes certain files unusable, despite leaving systems operational and maintaining data. Ransomware will remain a major and rapidly growing threat in 2016, and the Mac OSX (operating system) will increasingly be targeted.
Employee Systems: Hackers will increasingly turn to the relatively insecure home systems of a business’s employees. In 2016, businesses are expected to provide more advanced security technology for employees to install on their personal systems, and to spend more on personnel training and security awareness initiatives.
Cloud Services: According to the report, the level of sensitive and confidential company data shared on business-oriented cloud services and platforms is alarming. Many businesses are at the mercy of their provider’s security controls and have little insight into their provider’s security posture. As a result, cybercriminals will increasingly hack into cloud services platforms.
Wearable Devices: The growing number of wearable devices, particularly their Bluetooth connection to a smartphone, is creating a target-rich environment for hackers. Breaches involving control apps for wearable devices, which are expected to increase in the next 12 to 18 months, will provide valuable data for spear-phishing attacks. For example, GPS data from a running app tied to a fitness tracker can be used to craft an email that is more likely to be opened. If a user visits a coffee shop after the gym, an attacker could write an email saying “I think you dropped this at the coffee shop this morning,” and attach a link to an infected image file.
Automobiles: Attacks on automobile systems will increase in 2016 because much of the hardware lacks foundational security principles. Without adequate security, cybercriminals may create transportation deadlocks, impact road safety and threaten people’s lives.
Stolen Data Warehouses: The accumulation of stolen data over the years is predicted to develop a robust market for stolen sensitive information in 2016. Specialized underground warehouses will surface, offering stolen personal data, compromised credentials and infrastructure details from multiple sources, which can be used to bypass standard security components.
Perhaps these predictions explain the growing number of businesses purchasing new cyber insurance policies or increasing coverage under existing cyber policies. Unlike traditional commercial insurance policies, Cyber Liability and Security Breach (Cyber Perils) Insurance policies protect against privacy injuries, such as identity theft, and cover the cost of complying with data breach notice laws.
We would be happy to provide you with more information about insurance for existing and emerging cyber threats.
Additional information is also available in our weekly Risk Management Newsletters.