Skip to main content

Mobile malware and Shadow IT to lead security issues in 2016

As 2016 draws ever closer, Ben Harknett, VP of EMEA at RiskIQ, offers his cyber security predictions for the new year.

Social malware is the new Wild West

Over the last 15 years we've seen web attacks evolve to a highly sophisticated state, mobile applications are 5 years into this same cycle. But it doesn’t stop there, next to join the cyber-attack evolutionary path is Social Media attacks.

Whilst still in the early stages, attacks like this have huge potential in online fraud as demonstrated by the Metro Bank Twitter incident earlier this year. With a predictable pattern for how attacks evolve, we fully expect 2016 will see rapidly increasing maturity in attack vectors involving Social Media. Brace yourselves, the impact of viral, social media delivered, malware will be huge.

 Breaches will only get more technically complex 

As perimeter security gets stronger, malicious actors are looking for easier entry points to compromise an organisation through the breadth of its digital attack surface. Over the next 12 months we fully expect to see an increase in the number of breaches where hackers compromise organisations through forgotten test servers and servers running old and vulnerable versions of operating systems web servers and development frameworks.

 Website will be a security weak point 

The need for responsive and innovative websites which capture the imagination of customers is going to be in big demand in 2016 as organisations compete with each other to deliver the best online experience. To do this organisations will turn to third party components to help deliver a seamless experience. However, as one of the digital touch points which organisations have no firm control over, these third party components will become a big target for distributed malware cyberattacks in 2016.

 Mobile malware on the rise 

In 2016 we will see increasing numbers of cyber criminals using mobile applications to spread malware. Mobile presents an easy target for cyber criminals, because it is an attack surface that is open and extremely difficult to defend once an app has been released. Our own research has found that 17 per cent of apps in the top 150 apps stores contain malware.

Based on what we saw in 2015 we believe the number of malicious app will more than double in 2016 unless more organisations are better able to police their apps and the usage of their brand across the app store ecosystem.

 IT will have to step out of the shadows

Thanks to technology such as cloud computing, it has become easier for business units to create their own IT systems, websites, and even mobile apps, without permission from the organisation. Shadow IT can be a huge challenge for IT security teams as vulnerabilities in public facing assets have become low hanging fruit for hackers and are often exploited to compromise organisations and their customers.

Security teams can’t protect what they don’t know about and Shadow IT activity will prove to be a major blind spot in 2016.

Image Credit: DeiMosz / Shutterstock

Ben Harknett is VP EMEA at RiskIQ, a cybersecurity company that helps organisations discover and protect their external facing known, unknown and third-party web, mobile and social digital assets.