PwC recently published their Global State of Information Security Survey 2016. They based their analysis on the responses of more than 10,000 CEOs from 127 countries.
Their findings from 2015 are concerning:
- There were 38% more cyber attacks reported in 2015 compared to 2014.
- Employees remain the biggest security threat.
- There was a 22% rise in third-party data breaches.
- Only 53% of organisations invest in a training and awareness programme for their staff.
So what does this mean for 2016?
Taking the developments from last year into consideration, as well as current thoughts about the new trends in cyber security, here are some predictions for 2016:
- Cloud computing will be the primary target for hackers
The use of cloud-based services is becoming ubiquitous throughout the business world. It saves space, saves time, and saves money. But this is only the case if security measures are in place to protect the highly valuable confidential data that companies depend upon. This year the high-profile hacking of Ashley Madison, among an almost daily occurrence of others, underlined the widespread impact such a breach can have on both company and customers. Investing in security measures that protect the cloud services that organisations use must be the No.1 goal for managers and directors in 2016.
- Phishing will get more sophisticated
Phishing emails remain the most consistent threat to companies of all sizes as they prey on the biggest weakness in cyber security: the human factor. Phishing emails no longer have spelling mistakes, grammar is always immaculate, and the graphics and branding always look authentic. Criminal groups are able to send out millions of phishing emails at the touch of a button. As always, employees must be educated about the most basic security steps to take, such as checking the sender email address or even hovering over the link to see whether the address of the link is genuine.
- Employees will still be the biggest weakness
We say it every year and for 2016 it is no different: employees remain the biggest weakness in every security strategy. The one thing that doesn’t change in cyber security is that we are all human. It’s crucial therefore in 2016 that companies invest in the education of their employees at every level. This doesn’t mean throwing money at the problem but creating a compliance culture built upon communication and cooperation so that every base is covered in a new security strategy focused on the people that fight cybercriminals on the front line.
- With more public sector bodies going online, more data of local customers, clients, and citizens will be at a greater risk
2015 saw more local governments storing the data of their citizens online. Local public sector bodies will therefore become the focus of malware cyber attacks, and it is imperative that they invest in compliance management and security software that educates public sector workers about the real threat that they face every day. Data security must be at the very centre of the service that civil servants provide to local people.
- Cyber criminals turning to medical devices?
One of the most striking predictions for 2016 is that medical devices such as insulin pumps may well become a target for hackers. Reports this year revealed that the FDA and Department of Homeland Security in the United States “strongly encouraged” health care facilities to discontinue the use of Hospira's Symbiq infusion pump, as it could be accessed remotely through a hospital’s network. Experts have argued that investment in the security of medical devices is ten years behind that of other areas. It’s the responsibility of the manufacturers of the hardware and software of these devices to have the necessary security software in place.