Top 10 Cyber Security Risks for 2016

In 2015 we saw some high profile Cyber incidents and not one of us can claim anymore to  be ignorant of the immediate and real dangers we all face in our digital world.

From intimidation and trolling, to incitement to commit self harm or murder, wrapped in the semi cult wrapper of a Jihad, to attacks directly to our wallets with worms, virus, phishing and cons of increasing sophistication. No one is immune.

So what to expect in 2016?

Here are some of the most obvious threats and I am sure there will be more, and new ones that I do not mention here. Strategies for attack will evolve as our defences improve and we learn to combat the proliferation of Cyber threats. Is the digital crime war in its early stages or have we developed enough defensive capability. My guess is we are still learning and being more aware in the year ahead is half the battle.

So what can we expect in 2016?

Well whatever we see, we will see an increase and proliferation of risk, attacks, techniques and sources of threat. Here are my top 10 threats that you and your business can expect to face.

1. Password Fraud: The classic password management and process threat will continue to be the most prevalent. The critical reason is it is the digital threat most affected by personal behaviour which has inevitable failure, weaknesses and cycles of complacency built in. The challenge is putting in place and enforcing stronger user-controlled passwords that are less likely to be broken. Education is ultimately futile and the battle of security versus ease of use continues. Double and treble protection layers that are less subject to complacency are more likely. However, like running water the threat will find its least point of resistance and ubiquitous opportunity leads to increased motivation for our enemy. Despite increasing educational, administrative, enforced policies, remote devices, federated ID, new creative solutions and enforced policies expect to see continued escalation of this threat.
2. State-Sponsored Espionage - We have seen reported activity from a number of countries, including North Korea, Turkey, Iran, Russia as well as the super powers China and US, and even Germany, UK and the Netherlands – sounds like an espionage 007 Mission Impossible film trailer, but a cold war dangerous cocktail that goes global is a potential doomsday scenario. The "Motivation" is everything from defence, surveillance, political, data, secrecy, commercial espionage, financial gain and offensive pre-emptive strikes against arch enemies. Increased resources, sophistication and access to technology can fuel an epidemic of state sponsored activity. Look forward to increased evidence and higher profile incidents in 2016.
3. Mobility: Management and security of mobile networks and smart mobile devices becomes even more challenging when we add in the Internet of Things! Expect 2016 to bring some innovative surprises combining people’s mobile apps and their heating and personal finance networks combine to provide hackers with even greater opportunity.
4. Executive Complacency - Boards, CEO’s and Management are pre-occupied with other higher priorities, financial deadlines and bonuses  than an unseen digital threat. Corporate culture complacency is perhaps the most prevalent Cyber weakness we face and can only change their mind-set and behaviour post a critical incident and first hand experience.
5. Sabotage – We have seen Sony and Carphone Warehouse recently, expect to see other CEO’s on breakfast TV explaining the latest high profile brand attack. Public ransoms and PR disasters will be an increasing trend in 2016 until brand owners get the message and provide the right level of priority. It will not just be the public websites of well-known brands but critical infrastructure and computer networks will be targeted. Combining social media and even generic political messaging with software based complex multi-faceted attack profiles will provide a certain level of evolution and creativity in the coming year.
6. Cloud Migration: As organizations come under pressure to reduce cost and move to more virtual computing power, the year ahead will see ever increasing movement of critical systems into the cloud. Key issue here is the dilution of technical and security know how being stretched to the limit and as increasing numbers of applications, processes, people and divisions become increasingly cloud reliant, then the intersection between human, subcontractor, process and application hand offs’ will create unbound points of weakness and opportunity. Migration into virtual shared infrastructures changes how we address information security and risk management. The challenge is that cloud security processes and solutions are still being developed. Ultimately, with innovation and planning, cloud services could reduce business risks by providing greater flexibility, resiliency and security. I would place this in the unknown territory and the maturity of technical expertise needs to catch up with the trend to virtual computer power.
7. Botnets et al - Organized crime has shifted to the digital underworld. The most dangerous are the use of the intrusive and pervasive Botnets, Zero Day Threats and Phishing. We may all have intrusions into all of our devices right now and we would not know. The most worrying aspect is the designers of these threats are the most sophisticated and cutting edge creative technologists that are well in advance of personal, corporate and government networks.  Organizations continue to face the on-going challenges of securing a continually evolving network perimeter. Controlling this agile attack, adaptive and surreptitious of threats could be the biggest losing battle for 2016.
8. Server Misconfiguration: Plain old simple poor cyber hygiene and infrastructure management habits will continue to provide cyber-attack opportunities in 2016. Server misconfiguration has been identified by The HP Cyber Risk Report as the most prevalent source of vulnerability. This includes access to unnecessary files and directories, outdated software, redundant security protocols and flagrant open access to savvy intruders.
9. Bring You Own – Again flexibility, personal freedoms and pressure of IT cost reduction has driven the bring-your-own-device into work trend. People mixing up personal and corporate data, passwords and applications can provide a new palate of creativity for cyber artists to conjure up new combinations of attack in 2016. The inadvertent injection of malware through removable media or web interconnections can make any employee the origination point for a network security violation.
10. Insider threat: A dissatisfied employee base can provide a vector for insider security events. As awareness of using Cyber attacks against corporations combines with increasing corporate dissatisfaction from the employee body, with trends of "Rage Against the Machine" all fuelled by a social media frenzy, then the insider threat is never greater. I would predict at least one high profile insider incident hitting the headlines in the year ahead.

Whatever the source of the threat in 2016 you can expect there to be a greater number of higher profile examples and new inventive ways for the attackers to breach Cyber defences than ever before.

We can also expect heightened awareness from executives around the world with an increased priority of spend and focus on Cyber Security.

Never has there been a greater threat to us all than what lies ahead in 2016.

Are you ready?