Virtualization and cloud executives share their predictions for 2016 in this 8th Annual VMblog.com series exclusive featuring Mark Weatherford, ex-deputy undersecretary for cyber security at the Department of Homeland Security and current vArmour exec, along with vArmour CEO Tim Eades and threat analyst Ryan Wager.
Mark Weatherford, Chief Cyber Strategist
- A major cyber attack will lead to questions of war. A dangerous nation state with already installed "sleeping" malware in US critical infrastructures will threaten the US with widespread outages.
- At least one current U.S. presidential candidate will be hacked, exposing campaign finances. This hack will not only cause a national shift in the conversation behind cyber attacks, it will influence the final GOP and Democratic nominees for U.S. president.
- In 2016, the United States will experience a significant attack on critical infrastructure (power, oil/gas, transit, communications, stock markets, etc.) that will result in an outage measured in days rather than hours or minutes. This will result in a new understanding of the huge societal dependency upon IT and telecommunications.
- In 2016, new cyber-regulation will be introduced by lawmakers with higher penalties than ever before for companies with breaches. This (over) regulation will result in new levels of cyber security spending never before seen.
- Underwriter pre-requisites for obtaining cybersecurity insurance are going to change, causing consumers to speak with their dollars and leave previously trusted brands they admire. For the first time ever, a large company that is breached will go out of business not because of the breach itself, but because of the lack of trust they create following a major cyber attack.
Tim Eades, CEO
- Consumer trust in companies they buy from will hit a new low based on a security breach from static, once per year policy reviews, to including technology requirements for dynamic, continuous monitoring and a more consistent real-time evaluation of risk (think of the Progressive car dongle). This will provide tremendous opportunity for security product companies who can provide these new levels of visibility.
- Due to an overwhelming increase in attacks directly affecting consumers, banks and other financial institutions will begin to back away from covering losses through card or bank account hacks where users did not protect themselves.
- Many retailers are shifting to contactless payment options like Apple Pay; however, this move will bring with it a bounty of new hacker tactics that will need to be addressed. With 50% of all retail transactions using cash and less than 10% of retailers using contactless payment options, there will be no call to action to aggressively secure these modern payment methods, meaning attackers can create and deploy new hacks, and lie undetected for long periods of time. Ultimately, a series of hacks against these payment options in 2016 will force retailers to band together to create their own series of regulations to deal with contactless pay - and a new industry of security companies will emerge to deal with this trend.
Ryan Wager, Global Threat Strategist
- Hackers will turn individuals against each other. Easy access to personal data and an increase in ransomware tactics will allow hackers to play cyber games. Imagine the Hollywood scenario: a hacker has access to 3 families - including their children's - data, and the first to pay a heavy sum will get their data back. The rest of the identities will be sold on the black market. In 2016, it will happen.
- The increasing digitization of all industries will hit a brick wall in healthcare, with a fury of attacks targeting sensitive healthcare records. Advanced nation-state attackers are after entire identities of US citizens - not just their credit card or social security numbers. A treasure chest of profitable health data taken from compromised servers will be made available on the dark web and open many consumers to privacy risks that have never been seen at such a large scale. These hacks will open consumers up to blackmail of extremely personal information... or worse, full identity theft of their entire personal records.
- While hackers will continue to target crown jewel organizations in finance, healthcare and retail, 2016 will see an increased number of attacks against "weakest link" third-party business partners to these organizations, such as delivery services, online hosting, etc. This will be in part because these business partners are an entryway into troves of valuable data, but also because the hacking landscape is able to "wash, rinse, repeat" basic tactics easily on these more vulnerable targets.