Top cybersecurity experts talk trending threats
2015 was a big year for cybersecurity - will 2016 be even bigger? We looked into the trends forecasted by the biggest influencers in the cybersecurity community and pulled the top four for our 2016 trends list. From changes in mobile security to increased tax-refund fraud, 2016 has it all.
Tax-related phishing scams broken down by Graham Cluley
Graham Cluley is an award-winning security blogger; he has been working in the computer security industry since the early 1990’s. He was inducted into the InfoSecurity Europe Hall of Fame and was given an honorary mention in the “10 Greatest Britons in IT History” for his contribution as a leading authority in Internet security. The increase in the number of reports of tax-related phishing and malware schemes has caught Cluley’s eye as a security threat to look for in the coming year. The IRS has seen an “approximate 400 percent surge” in the phishing scams and malware attacks. The “official-looking communications are being received, claiming to come from the IRS and companies that develop accounts software and provide services for assisting in the preparation of tax returns. And the tax-related criminal campaigns are not just being distributed via email, but are also being sent via SMS text messages.” The IRS has had “1,026 malware and phishing incidents reported already this year, compared to the 254 in the same time period last year.” Cluley suspects what makes these tax-related scams so successful compared to other businesses is that “we cannot choose ‘not’ to deal with the IRS and other tax agencies” and people let their guard down. The IRS predicts the problem will only get worse as tax season continues. Cluley’s advice to taxpayers is to “always exercise a healthy skepticism about the messages that arrive in your inbox” and to stay up to date on the latest threats.
CISOs discuss the future of passwords
The Security Current blog surveyed 10 CISOs from across industries on the effectiveness of current passwords and to predict the future of passwords as the sole authentication method. Overall, the CISOs agreed that traditional passwords may soon to be a thing of the past as the sole method of identification. They see “enterprises moving to augment or supplant the traditional password with advanced technologies." Hussein Syed, Barnabas Health CISO, says companies relying solely on passwords, as the only authentication source is negligent. “A vast range of security controls must be instituted. This includes two-factor authentication” - which is “essential for remote access and privileged account security.” According to Syed, “organizations should establish holistic and measurable programs that can scale with their security and privacy needs.”
The future of mobile security according to Matthew Pascucci
Matthew Pascucci is a freelance blogger, cybersecurity architect and advocates online privacy. In light of the ongoing FBI vs. Apple case, mobile security is an important topic to Pascucci and the privacy implications involved. The case will set the precedent for mobile security and how mobile vendors will develop their security going forward. This case proves “that our mobile phones need to be secured and we need to understand the long term effects of what this means for mobile vendors, app developers and mobile device users.” If Apple loses the case “the ability to have third party access data, or bypass the encryption, of a mobile device could start a trend of mobile app developers to enable strong encryption or security within their applications. This ability to access a mobile device could cause a stir among mobile app developers to start performing better security and encryption within their app and not rely on the security of the mobile phone as an umbrella.” The effects of this case will have lasting impacts on mobile security.
OTA predicts significant increase in ransomware extorting businesses
The Online Trust Alliance (OTA) is a non-profit with the goal to educate and enhance the protection of users’ security, privacy and identity. OTA’s members include leaders in public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors. OTA released it’s 2016 Data Protection and Breach Readiness report analyzing key cybersecurity and online privacy trends. OTA found “cybercriminals are increasingly targeting businesses with ransomware – malicious software that prevents or limits users from accessing their computer systems and then forces its victims to pay a ransom in order to get back access. OTA also concluded that recent ransom demands have shifted from opportunistic extortion to being market-based. Craig Spiezle, Executive Director and President of OTA says “much like surge pricing for taxis, cybercriminals now target and calculate their ransomware pricing based on company size, market value and much more.” According to the data OTA found 91% of data breaches could have been prevented easily by patching a server, encrypting data or other small fixes. Neil Daswani, CISO of LifeLock, cautions that “as companies amass larger quantities of diversified data and increase their reliance on their party service providers, every business must have safeguards in place and be prepared to react strategically in the event of a breach.” Going forward, we will see the impact that these trends have on the future of security and if new ones will emerge.
See how you can stop threats by securing remote access to your network