Apple devices like the iPhone, then the password biometrics, the Internet of Things, and network infrastructure will be one of the main targets of cyber criminals. Not only that, there are many other security threats in 2016.
Throughout 2015, Symantec saw how consumer confidence has been shaken by a number of successful cyber breach exposing the identity of millions of people. The case of cheating website Ashley Maddison, for example.
"These efforts have changed the cyber-crime is becoming big business with the theft of personal information in a very large scale," said Eugene Teo, Senior Manager of Security Response Symantec Singapore, said in an email received detikINET, Friday (11/12/2015).
Thus, there is no easy and fast technology that would guarantee immunity from internet crime. Especially if the attack was preplanned, pre-determined and targeted who will be a victim.
So, what will happen in 2016? What would be the greatest threat to consumers and companies as a target? How some of the latest technology trends impact on the privacy and regulation?
And most importantly, how the company will respond to a data breach when a data breach itself is no longer a problem, but rather the time of intrusion data?
Due to the year-end nears, Symantec's security intelligence team has collected top security predictions for next year and beyond. Here is a summary of Symantec predictions for potential threats throughout 2016:
1. Security in IOT Devices
Because more and more consumers buy smart watches, activity tracker, holographic headset, and the Internet of Things (IOT) others, the need to increase the security on these devices will become increasingly urgent.
Based on Gartner's report entitled Agenda Overview for the Internet of Things, approaching the year 2020, 30 billion devices connected to be used in a variety of industries and IOT will touch each role within the company.
There is no doubt that the market for devices that are compatible with the Internet of Things is growing, but is still highly fragmented, with a great diversity in the hardware platform and operating system low cost.
When the leaders of emerging markets and certain ecosystems grow, attacks against these devices will inevitably increase, as we have seen on the Android platform attacks.
The good news is that the OS makers, especially at Apple, to take steps in improving security in the ecosystems they support, such as HomeKit.
Moreover, developing the concept of "treatment anywhere - care is everywhere" may see that the medical safety device safety will be the main topic in 2016.
It was widely known that the life support device such as a pacemaker or insulin pump can be compromised. Fortunately, to date, no such cases have been reported outside of security research proof-of-concept; However, the potential impact is still high.
Under the umbrella of the growing of mobile health, or mHealth, new models of care services which will move the device to the patient's home. This will place medical devices on the public network, menediakan medical applications through consumer devices such as smartphones, and the linking of personal data with clinical information.
With these changes happening so fast, the regulation may be forced to pursue technology in 2016. We might find that some countries or industries will begin to develop guidelines to address new risks from the use of inside information, proprietary data, and approval presented by the IOT ,
2. Users of Apple increasingly been seen by criminals Cyber
Apple devices increasingly popular in recent years. According to IDC, the company is now accounted for 13.5% of global smartphone shipments and 7.5% of global PC shipments.
Increased use of getting attention from attackers. An increase in the number of actors attackers have begun to develop specific malware designed to infect devices running on Mac OS X or Ios.
Although the number of threats targeting Apple's operating system is still quite low when compared with the company's major competitors (the Windows desktop and Android phones), the number of threats which revealed growing steadily in recent years. Along with this, the malware infection rate associated with Apple have soared, especially in the last 18 months.
Security researchers have also given greater focus on vulnerabilities in Apple software, with a number of high profile loopholes found in the past year.
Broker zero-day has began offering a ransom for vulnerabilities Apple, with a value of USD 1 million recently paid to jailbreak iOS 9.1.
If the popularity of Apple continues to climb, it looks like this trend will continue in 2016. Apple users should not be satisfied with the security and must change their perception that Apple devices are free from malware.
Because of this perception is also that then opens opportunities for cyber criminals to take advantage of them. Apple device users need to take action to prevent their devices infiltrated.
3. Battle vs Ransomware Malware Distribution Network
From the beginning of the beginning of the emergence in countries that speak Russian, ransomware also has grown and spread to Western Europe, USA, Canada, Australia, Europe and Asia.
Very likely that some of these groups were responsible for the original ransomware is a part of this expansion, but other criminal groups were also involved. It seems clear that fraud is lucrative for criminals and there is a tendency to increase.
There is a possibility ransomware groups would conflict with more traditional malware spreaders in 2016. Ransomware infections are open and clear, while the majority of other malware infections covered and unconscious.
The presence of ransomware on the computer will usually ask the computer's owner to clean your computer thoroughly, removing any malware. When ransomware may have been installed by a separate piece of malware, other malware will be removed, cut the malware operator business model.
By 2016, more malware distribution network may refuse to distribute malware obvious, forcing the group ransomware to develop their own distribution method (as was done Trojan.Ransomlock.G and Trojan.Ransomlock.P).
Due to increased awareness of fraud action, the attackers and malware they tend to develop and use a variety of more sophisticated techniques to avoid detection and prevent removal. Ransom letter may also be developed, and the attacker will use different lures to fool innocent users.
4. Cyber Insurance
When we see the rapid adoption of cyber insurance, there are two main factors driving this growth: new regulations that require companies to respond to the breach of information; and an increase in cyber criminals who use stolen information for payment fraud, identity theft, and other crimes.
Cyber attacks and data breaches cause reputation damage and business interruption, but most importantly, all of this at great expense. Relying on IT defense alone could create a false sense of security; however, no organization is immune from risk.
By 2016 many companies will switch to cyber insurance as another layer of protection, particularly as cyber attacks began to mimic real-world attacks.
Cyber insurance offers protection for organizations to reduce their risk, but the company should consider all options of insurance cover carefully. This is not about ticking boxes; it's about finding policies that protect the brand, reputation, and the company's operations when dealing with violations.
Cyber insurance growing as fast as the development of technology. What is covered is currently not available three years ago, and the addition of insurance coverage will continue to be negotiated in the market every day because of data breaches and cyber risks growing.
5. Infrastructure Attacks Targets
We have seen attacks on infrastructure, and in 2016 we could see an improvement in that regard. Motivation of attack critical infrastructure is politics and crime, with countries and political organizations run campaigns cyber war, and criminals who attack for profit or ransom.
IOT industry becomes more connected because the requirements and demands for reporting and increased functionality through connectivity with additional services. These changes introduce a larger attack surface to a more traditional hardware to secure the environment.
6. Improved Encryption Requirements
Encryption is quickly becoming the technology industry mantra everywhere. With so much communication and interaction between people and the system is going through an insecure network such as the Internet and vulnerable, strong encryption for data in transit has been well recognized for some time and are generally applied.
Unfortunately, many devices and new applications have poor implementation, which led to the vulnerability that allows an attacker who focus on getting access to communications.
For example, mobile devices have become the center of most people's lives for the sake of communication, data storage and general technology interaction. This is a high-value targets for cyber criminals, who want to exploit it.
Mobile OS makers continue to make improvements to their encryption products to fill the lack of applications and services makers. While the trend is that more encryption is a good measure to protect user data from cyber criminals.
It also has raised the ire of the government who believe this to be an obstacle for law enforcement. It seems crypto wars that have occurred in the 90s will be repeated in the next two years.
7. Biometric Security Critical Point
Over the past two years seen a significant increase in the use of biometrics. It is expected to grow significantly with major industry players to implement new capabilities well with the new sensor in the device and the adoption of biometric authentication frameworks such as FIDO and TouchID.
This facilitates the security of biometric information storage devices (such as fingerprints) as well as interoperability between applications and systems. This means that biometrics could finally answer the question "what's in it for me?" asked by consumers, while replacing traditional passwords with strong authentication PKI protected by a biometric sensor.
Consumers got a better security with enhanced ease significantly for unlocking the device, purchases and payments. It also led the company adopted the biometric so that probably is starting to look a decrease in reliance on passwords.
8. Gamification and Simulation
Internet security depends on the human element as much reliance on technology. If humans are more skilled, they can help reduce the risk. It's like what happens when consumers avoid fraud, as well as government officials who avoid social engineering in targeted attacks.
In this context, security gamification will be used to change the "desire of the moment" into a lasting change in behavior by rewarding psychologically and instant gratification of a simple computer game.
Security gamification can be used for, for example, to train consumers to be wary of phishing emails or to create, remember, and use strong passwords. Symantec saw a huge market opportunity and a great need for this type of training in 2016.
The company will also invest more in preparing to deal with security breaches and better understand their defense by using simulation and security "war games."
By expanding the conventional penetration testing be simulated response and recovery phase, companies can train their employees and increase their readiness.
This message was also conveyed to the government. In January 2015, British Prime Minister David Cameron and US President Barack Obama agreed to carry out cyber attacks "war game" to each other. Companies can imitate their simulations in 2016.
(rou / rou)
 |
| Detik |
"These efforts have changed the cyber-crime is becoming big business with the theft of personal information in a very large scale," said Eugene Teo, Senior Manager of Security Response Symantec Singapore, said in an email received detikINET, Friday (11/12/2015).
Thus, there is no easy and fast technology that would guarantee immunity from internet crime. Especially if the attack was preplanned, pre-determined and targeted who will be a victim.
So, what will happen in 2016? What would be the greatest threat to consumers and companies as a target? How some of the latest technology trends impact on the privacy and regulation?
And most importantly, how the company will respond to a data breach when a data breach itself is no longer a problem, but rather the time of intrusion data?
Due to the year-end nears, Symantec's security intelligence team has collected top security predictions for next year and beyond. Here is a summary of Symantec predictions for potential threats throughout 2016:
1. Security in IOT Devices
Because more and more consumers buy smart watches, activity tracker, holographic headset, and the Internet of Things (IOT) others, the need to increase the security on these devices will become increasingly urgent.
Based on Gartner's report entitled Agenda Overview for the Internet of Things, approaching the year 2020, 30 billion devices connected to be used in a variety of industries and IOT will touch each role within the company.
There is no doubt that the market for devices that are compatible with the Internet of Things is growing, but is still highly fragmented, with a great diversity in the hardware platform and operating system low cost.
When the leaders of emerging markets and certain ecosystems grow, attacks against these devices will inevitably increase, as we have seen on the Android platform attacks.
The good news is that the OS makers, especially at Apple, to take steps in improving security in the ecosystems they support, such as HomeKit.
Moreover, developing the concept of "treatment anywhere - care is everywhere" may see that the medical safety device safety will be the main topic in 2016.
It was widely known that the life support device such as a pacemaker or insulin pump can be compromised. Fortunately, to date, no such cases have been reported outside of security research proof-of-concept; However, the potential impact is still high.
Under the umbrella of the growing of mobile health, or mHealth, new models of care services which will move the device to the patient's home. This will place medical devices on the public network, menediakan medical applications through consumer devices such as smartphones, and the linking of personal data with clinical information.
With these changes happening so fast, the regulation may be forced to pursue technology in 2016. We might find that some countries or industries will begin to develop guidelines to address new risks from the use of inside information, proprietary data, and approval presented by the IOT ,
2. Users of Apple increasingly been seen by criminals Cyber
Apple devices increasingly popular in recent years. According to IDC, the company is now accounted for 13.5% of global smartphone shipments and 7.5% of global PC shipments.
Increased use of getting attention from attackers. An increase in the number of actors attackers have begun to develop specific malware designed to infect devices running on Mac OS X or Ios.
Although the number of threats targeting Apple's operating system is still quite low when compared with the company's major competitors (the Windows desktop and Android phones), the number of threats which revealed growing steadily in recent years. Along with this, the malware infection rate associated with Apple have soared, especially in the last 18 months.
Security researchers have also given greater focus on vulnerabilities in Apple software, with a number of high profile loopholes found in the past year.
Broker zero-day has began offering a ransom for vulnerabilities Apple, with a value of USD 1 million recently paid to jailbreak iOS 9.1.
If the popularity of Apple continues to climb, it looks like this trend will continue in 2016. Apple users should not be satisfied with the security and must change their perception that Apple devices are free from malware.
Because of this perception is also that then opens opportunities for cyber criminals to take advantage of them. Apple device users need to take action to prevent their devices infiltrated.
3. Battle vs Ransomware Malware Distribution Network
From the beginning of the beginning of the emergence in countries that speak Russian, ransomware also has grown and spread to Western Europe, USA, Canada, Australia, Europe and Asia.
Very likely that some of these groups were responsible for the original ransomware is a part of this expansion, but other criminal groups were also involved. It seems clear that fraud is lucrative for criminals and there is a tendency to increase.
There is a possibility ransomware groups would conflict with more traditional malware spreaders in 2016. Ransomware infections are open and clear, while the majority of other malware infections covered and unconscious.
The presence of ransomware on the computer will usually ask the computer's owner to clean your computer thoroughly, removing any malware. When ransomware may have been installed by a separate piece of malware, other malware will be removed, cut the malware operator business model.
By 2016, more malware distribution network may refuse to distribute malware obvious, forcing the group ransomware to develop their own distribution method (as was done Trojan.Ransomlock.G and Trojan.Ransomlock.P).
Due to increased awareness of fraud action, the attackers and malware they tend to develop and use a variety of more sophisticated techniques to avoid detection and prevent removal. Ransom letter may also be developed, and the attacker will use different lures to fool innocent users.
4. Cyber Insurance
When we see the rapid adoption of cyber insurance, there are two main factors driving this growth: new regulations that require companies to respond to the breach of information; and an increase in cyber criminals who use stolen information for payment fraud, identity theft, and other crimes.
Cyber attacks and data breaches cause reputation damage and business interruption, but most importantly, all of this at great expense. Relying on IT defense alone could create a false sense of security; however, no organization is immune from risk.
By 2016 many companies will switch to cyber insurance as another layer of protection, particularly as cyber attacks began to mimic real-world attacks.
Cyber insurance offers protection for organizations to reduce their risk, but the company should consider all options of insurance cover carefully. This is not about ticking boxes; it's about finding policies that protect the brand, reputation, and the company's operations when dealing with violations.
Cyber insurance growing as fast as the development of technology. What is covered is currently not available three years ago, and the addition of insurance coverage will continue to be negotiated in the market every day because of data breaches and cyber risks growing.
5. Infrastructure Attacks Targets
We have seen attacks on infrastructure, and in 2016 we could see an improvement in that regard. Motivation of attack critical infrastructure is politics and crime, with countries and political organizations run campaigns cyber war, and criminals who attack for profit or ransom.
IOT industry becomes more connected because the requirements and demands for reporting and increased functionality through connectivity with additional services. These changes introduce a larger attack surface to a more traditional hardware to secure the environment.
6. Improved Encryption Requirements
Encryption is quickly becoming the technology industry mantra everywhere. With so much communication and interaction between people and the system is going through an insecure network such as the Internet and vulnerable, strong encryption for data in transit has been well recognized for some time and are generally applied.
Unfortunately, many devices and new applications have poor implementation, which led to the vulnerability that allows an attacker who focus on getting access to communications.
For example, mobile devices have become the center of most people's lives for the sake of communication, data storage and general technology interaction. This is a high-value targets for cyber criminals, who want to exploit it.
Mobile OS makers continue to make improvements to their encryption products to fill the lack of applications and services makers. While the trend is that more encryption is a good measure to protect user data from cyber criminals.
It also has raised the ire of the government who believe this to be an obstacle for law enforcement. It seems crypto wars that have occurred in the 90s will be repeated in the next two years.
7. Biometric Security Critical Point
Over the past two years seen a significant increase in the use of biometrics. It is expected to grow significantly with major industry players to implement new capabilities well with the new sensor in the device and the adoption of biometric authentication frameworks such as FIDO and TouchID.
This facilitates the security of biometric information storage devices (such as fingerprints) as well as interoperability between applications and systems. This means that biometrics could finally answer the question "what's in it for me?" asked by consumers, while replacing traditional passwords with strong authentication PKI protected by a biometric sensor.
Consumers got a better security with enhanced ease significantly for unlocking the device, purchases and payments. It also led the company adopted the biometric so that probably is starting to look a decrease in reliance on passwords.
8. Gamification and Simulation
Internet security depends on the human element as much reliance on technology. If humans are more skilled, they can help reduce the risk. It's like what happens when consumers avoid fraud, as well as government officials who avoid social engineering in targeted attacks.
In this context, security gamification will be used to change the "desire of the moment" into a lasting change in behavior by rewarding psychologically and instant gratification of a simple computer game.
Security gamification can be used for, for example, to train consumers to be wary of phishing emails or to create, remember, and use strong passwords. Symantec saw a huge market opportunity and a great need for this type of training in 2016.
The company will also invest more in preparing to deal with security breaches and better understand their defense by using simulation and security "war games."
By expanding the conventional penetration testing be simulated response and recovery phase, companies can train their employees and increase their readiness.
This message was also conveyed to the government. In January 2015, British Prime Minister David Cameron and US President Barack Obama agreed to carry out cyber attacks "war game" to each other. Companies can imitate their simulations in 2016.
(rou / rou)
No comments:
Post a Comment