Top Security Concerns for 2016

Clare Hopping

Wednesday 21 October 2015

In 2015, as always, security is a top priority for CIOs and IT departments. But how will the security threats we’ve seen so far this year change as we head into 2016?

Mid-2015 and the security attacks keep getting more sophisticated. Many are no longer limited to the backroom hackers, with targeted attacks being carried out by large organisations and, in some cases, entire states.

But where should IT departments be spending their budgets and what are the biggest risks to their business in the following year?

Internet of Things

There have been multiple research projects this year highlighting the security risks posed by the Internet of Things.

In April, Veracode studied six products to see how easy they were to hack into. It discovered all but one could pose a serious security risk to both consumers and businesses alike.

“The results showed that all but one device exhibited vulnerabilities across most categories,” the report states. “It’s clear there is a need to perform security reviews of device architecture and accompanying applications to minimise the risk to users.”

Browser-based exploits

It has also become clear this year that it’s not just programs and apps that are at risk from backdoor hacks. Increasingly, browsers are becoming targets for hacker groups, allowing them to track anything you do online.

Researchers from New York’s Columbia University discovered one particular flaw that could affect anyone running a late-model Intel microprocessor and a web browser using HTML5.

The problem with this particular hack is not only that it’s quick to carry, but also that there’s nothing for the hacker to install. They just need to lure a victim to a web page and their browser is instantly being tracked.

Spear phishing

Although spear phishing has been around for quite a while, it is becoming more prevalent thanks to greater the availability of everyone’s personal information online.

The Internet Crime Complaint Center (IC3)’s annual report revealed that, in 2014, there were 269,422 complaints about spear phishing, thought to have cost companies $800m in losses.

How to protect your organisation

It’s important to install any software updates to patch holes and ensure staff are educated about malicious web links. A slightly more intrusive solution is to prevent employees from accessing the entire internet, but this isn’t always practical, nor desirable .

The key for CIOs and IT directors would be to educate their staff around the threats of spear phishing, browser-based attacks and IoT hacks, including how they should protect their identity online and ensuring that they are able to identify malicious URLs or suspicious activity on their devices.