2015 was a record breaking year for data breaches impacting almost every sector – healthcare, education, financial services, retail, the federal government and more. During the first three quarters of the year, over 3,000 data breaches were reported. Of course, the most eye-opening breach of all was at the Office of Personnel and Management (OPM), where the sensitive data of more than 21.5M federal workers and contractors was exposed, as well as biometric data. Every time there’s a new breach where data leaks out, it’s just another opportunity for cyber criminals to use the exposed data to steal identities and carry out other malicious deeds.
As we look ahead into 2016 and beyond, we predict the following events:
- Hackers will exploit weaker supply chain partners. There is a trickle down effect when data breaches occur and supply chain partners are not immune. Once forensic analysis and investigations are completed, there’s often a clearer understanding of how a breach happened in the first place. With the Target and Anthem attacks, not only were employees and customers impacted, but others who were connected to the breached victims were put at risk as well. It is widely known that the hackers first gained access into Target’s system through one of its HVAC vendors. In 2016, we’ll see more B2B companies not only invest heavily in their own security upgrades but also demand a higher level of security from their partners.
Hackers will get more creative and breach a hot new target: IoT devices. According to Gartner, by 2050, there will be over 20 billion connected devices in our homes and in the workplace. Wearable products such as the Apple Watch, fitness trackers and new “smart” objects such as household appliances and connected cars were counted among 2015’s hottest products. With new technology, comes new security threats. In 2016, we expect to see security holes exposed by IoT will dwarf today’s traditional cyber threats. With expansive user bases scattered in the cloud and among third-party vendors, IoT devices running mobile applications can be hacked or riddled with malware, with the potential to affect millions.
Encryption technology will become the norm. There is an ongoing debate among government agencies and technology providers regarding the use of encryption. Encryption provides a much stronger layer of protection for consumers and businesses which prevents government actors from accessing files and communications. While governments may want access to certain individual assets, technology companies who open the doors to one individual or agency provide an opening for any hacker to penetrate that system.
Wearable devices will force BYOD policy changes. Now that wearables like the iWatch are the new “norm,” companies will have to adjust their BYOD policies to accommodate for all IoT devices brought into the workplace — not just smartphones. According to a survey from IT staffing firm Modis, 90 percent of employees surveyed were interested in receiving a wearable device from their employer to complete work tasks and 60 percent said they would be extremely interested in using such a device at work. As employees begin to use wearables for work-related activities, IT security teams will have to rethink how these will impact the company and revamp security policies and employee training.
OEMs will implement greater security in their products. In 2016, original equipment manufacturers (OEMs) will integrate security features into the hardware and software layers of a device from the onset of design, rather than as an afterthought. By preloading mobile devices with security apps, customers are immediately protected, from the moment their phone is booted up. As a result, consumers will feel more secure in using their mobile device for things like e-commerce transactions and web-browsing, potentially reducing the number of software security patches OEMs are responsible for, as a result.
Yes, mobile technology is bringing new, sophisticated cyber threats into our workplaces and homes, but it’s also bringing greater convenience and productivity. As we adapt to this new landscape, cybersecurity investments cannot be overlooked.