Ransomware is likely to grow substantially in 2016.
Current estimates from the Cyber Threat Alliance put the damage caused by CryptoWall ransomware at $325 million, up 1800 percent since the FBI's report in June 2015, said Stu Sjouwerman, founder and CEO of KnowBe4. This type of threat usually comes from clicking a link in a phishing email, thereby infecting your machine or your network and encrypting your files with sophisticated, unbreakable encryption. If your systems are not backed up, said Sjouwerman, your data will be lost or worthless unless you pay the ransom. Even the FBI recommends you pay up, so why wouldn't the criminals put a greater emphasis on this moneymaker?
Internet of Things challenges will continue.
The Internet of Things (IoT) introduces new network devices into your environment, all with their own vulnerabilities, said Wolfgang Kandek, CTO at Qualys. The best way to limit their reach into your corporate network is to have a guest network where end users can install these devices and where no access to enterprise devices is available. Kandek recommended using features such as AP isolation to make sure that devices are sheltered from each other's network. Speaking of IoT, a positive security note that Kandek thinks we'll soon see is overall automatic patching in IoT devices, similar to what we've been seeing with smartphones.
DevSecOps will be where it's at in 2016 as security becomes integrated with DevOps.
In 2016, expect to see security and DevOps teams working together to deliver more secure applications at a faster and more frequent pace via a continuous integration and testing process, according to Maria Bledsoe, senior product marketing manager, Fortify for Hewlett Packard Enterprise. Collaboration between security and DevOps will allow organizations to find and fix vulnerabilities earlier in the development process, providing better protection while saving both time and cost.