System hacks, data breaches and information theft are frequently in the news, and will surely continue to feature strongly in 2016. However, recent crystal ball gazing by different actors and experts yielded an intriguing variety of predictions for the coming year. Broadly speaking, there are IT security trends we can expect, those we should suspect, and those that sound a little like cyber-fiction, but still sound just credible enough to be given at least a modicum of attention.
What we can expect in 2016
New technologies are likely to be targets for cyber-criminals, who will try to exploit inherent weaknesses, lack of user experience, or both. Cloud services and containerized cloud services in particular will be attractive targets as organisations sometimes sacrifice security for speed of deployment. Data tiering and de-duplication will continue to grow as solutions for backing up larger volumes of data efficiently and by priority of business criticality. So will the encryption of backups and the use of cloud replication.
What we can suspect in 2016
The Internet of Things will increase overall attack surfaces. While hacking somebody’s Fitbit tracker to get into a corporate database may still be too ambitious, industrial assets such as turbines and locomotives are increasingly being connected to the web for both monitoring and control purposes. In parallel with IoT and the big data it generates, data analytics will be more important to identify weaknesses, abnormal user behaviour and cybercriminal activity.
Cyber-fiction or reality in 2016?
Pundits in this category like the idea of the predictability of cyber-attacks. Instead of just preventing or repairing damage, they see potential in forecasting where attackers are likely to act, using machine learning and even more analytics. Organisations (governments in particular) may move from cyber-defence to cyber-offence, including the creation of false environments to trick and trap potential menaces and hackers.
Where you choose to put your cyber-security dollars will of course depend on the activity and scope of your organisation. But while we make no specific recommendations, we’d be mightily interested in hearing about readers’ forays into any of the “advanced cyber-security techniques” in the third category.