Over the past few years, the high-profile data breaches that the enterprise and consumer worlds have experienced have undoubtedly caused a great deal of damage. But they have also offered teachable moments for the security industry as it grows to understand the ways that our rapidly advancing, tech-centered world has left us vulnerable. The point-of-sale data breaches of 2013 and 2014 were a wake-up call about the need for comprehensive security when dealing with integrations of technology and commerce. Last year’s proliferation of healthcare cloud hacks raised an ongoing debate about cloud storage and regulatory compliance. And the hack of illicit dating site Ashley Madison drove home just how personal the ramifications of data loss could be in an era in which we live much of our lives online.
The data breaches that have made the news this year have not yet revealed quite so consistent a theme as those of earlier years. But there have certainly been lessons to learn. Healthcare providers have continued to be targeted in the early part of 2016, both through hacks and physical theft, showing that hackers wanting to get their hands on healthcare data won’t stop anytime soon. The once-essential social media site Myspace, now fallen into comparative obscurity, had its user database hacked, giving hackers access to archival password information from users who may have forgotten they were even on the site. The information we have left out there in the ether, it seems, can be as valuable as that which we’re currently using. And reports of the hack of the Democratic National Committee’s network will undoubtedly spark a conversation about digital threats and the political process.
So what sort of digital security threats are in store for the rest of 2016? What will they teach us, and how will we meet their challenges? As always, we’re looking at threats that are sneakier, more sophisticated, and more personal. Be on the lookout for the following three developments as you help your clients keep up with the threats:
1. Data Sabotage
Data sabotage is an old concept that’s been getting new life as companies scramble to fix obvious security vulnerabilities, overlooking the little stuff. In a data sabotage scenario, a hacker enters a system, makes slight alterations to the code of the program, and then leaves, with the program changed to work in his or her favor. From industrial sabotage, where a machine part is quietly set up to slow down or fail at some point in the future, to the manipulation of market software to enable thieves to rig the odds, this is a type of threat with big implications. And because it’s so multi-faceted, it’s a very hard thing to catch.
2. IoT Malware
We’ve long been hearing about the potential for malware to infest Internet of Things (IoT) home devices and turn our appliances against us. While we haven’t quite reached that sci-fi scenario, there’s evidence that hackers are making good on the threat of IoT malware. A security firm reported earlier this year that it had discovered live malware infecting IoT devices and using their computing power to drive distributed denial-of-service attacks. There were also reports of a home surveillance camera bought online coming with malware preinstalled. While security professionals disagreed as to whether the malware was actually present before the customer got the camera, one thing is for sure: In the second half of 2016, the threat of IoT malware is no longer purely academic.
3. The Frightening World of Blastware
Blastware combines the information-gathering tactics of an advanced persistent threat with an element of sheer malice. It is a reaction to new solutions that seize malware and sandbox it in order to see how it behaves before it can steal information: blastware is a category of malware that, when detected, does what it can to destroy whatever lies in its path. So for big enterprises that count on sandboxing in order to manage zero-day threats, malware analysis may, through the rest of 2016 and moving forward, become more like defusing a bomb that will go off when tampered with.
What new threats, and solutions, do you see coming for the rest of 2016?