Did 2016 IT Predictions for Security Come to Fruition?
At the beginning of the year, IBM Security gave its 2016 IT predictions for security. Did they come to fruition? Well, its overriding expectation was to see increased concern about data breaches, as well as a need for new technology and problem-solving to handle these threats — and it certainly wasn’t wrong.
Organized Crime Shifts to Businesses
Organized cybercrime was expected to shift its focus to businesses in 2016, and that’s just what happened. A recent Gemalto study found that public and private organizations likely saw a total of more than 1 billion data records breached in 2016, up considerably from the previous year.
However, the previous trend of megabreaches hasn’t continued. Rather, breaches are increasingly targeted against specific individuals at organizations, and businesses of all sizes can be affected. According to PhishMe, 91 percent of cyberattacks begin with a phishing email, and instances of business email compromise were up a staggering 1,300 percent in 2016.
Another growing phenomenon for businesses is the rise of CEO fraud, in which an attacker spoofs an email to make it appear to come from the company’s CEO and asks the recipient to wire funds to the fraudsters.
The bump in organized cybercrime coincides with another key prediction: that cyberextortion would increase. Indeed, ransomware has become a growing problem. Previously associated with attacks against individual consumers, the threat of ransomware is shifting to enterprises. According to Osterman Research, nearly 40 percent of organizations globally were hit by ransomware in 2016, and many of these — 12 percent in the U.S. and 25 percent in Canada — had to cease operations as a result.
The FBI estimates losses caused by ransomware exceeded $1 billion in 2016, CNN reports. A recent study by Intermedia found that large businesses now face as many ransomware risks as smaller businesses, and while ransom prices can be exorbitant, user downtime is an even bigger drain on company cash flow.
Security Inside the IoT
As projected, security issues related to the proliferation of connected devices in the Internet of Things (IoT) were frequent in 2016. Distributed Denial of Service (DDoS) attacks against devices making up the IoT have increased, Infosecurity reports. Many of these devices are designed with functionality and connectivity in mind, but scant attention is often paid to securing them. As the number of machines connected to the IoT continues to grow, this threat will likely continue to escalate.
Rise in CNP Fraud
Last but not least, payment fraud made its anticipated shift to card-not-present (CNP) transactions. In the U.S., the switch to the EMV technology standard for credit and debit cards was supposed to have been completed in October 2015, making it harder to use fraudulent cards at physical points of sale. In response, criminals have been making greater use of online sales channels to commit fraud. According to Aite Group, CNP fraud will likely continue to rise, leading to $6 billion in fraud losses by 2018.
Heading into 2017, there’s no letup in sight when it comes to security, and organizations of all sizes must be increasingly vigilant. Automation is key to improving security and providing the visibility required for preventing and reacting to incidents. Organizations need to do more; they need to raise awareness among their staff and foster a security-minded culture. As the threats increase in sophistication and number, staying prepared is the best way to meet the challenge head-on.