By Trudy Knockless, From Legaltech News

Experts say hackers could take advantage of domain confusion to steer users toward malware and data theft.

The year 2015 is being widely referred to as the year of the data breach. Cybersecurity experts at Raytheon|Websense shared their security predictions for 2016, warning to be on the lookout for U.S. presidential election cyber-antics; cybercriminals pickpocketing phone wallets; and an increase in vulnerabilities from the aging Internet, among other security challenges.

“The increase in connectivity and the digitization of the daily lives of both businesses and the general public will also lead to an exploitation of payment systems, IoT devices and the reformulation of our current perception of privacy,” Joshua Douglas, CTO of Raytheon|Websense, said in a statement.

Researchers say attackers will use the attention given to political campaigns, platforms and candidates, as an opportunity to tailor social engineering lures. Others will focus on hacktivism, targeting candidates and social media platforms. Additionally, the tools and infrastructure (candidates, news sites, support groups) of those involved with the political process will also be targeted. They suspect hacktivists will reveal unwelcomed personal details or use compromised accounts to spread false information that may seem to come from candidates. Those who are not diligent during this time may be slapped with high expenses for security lapses and gaps in defenses. 

“Lures created from interest in U.S. Elections, as well as other high profile events, will present opportunities for social engineering, not just for consumers but also for the candidates themselves,” Carl Leonard, principal security analyst at Raytheon|Websense Security Labs, said in a statement. “In the digital age, data handled less than securely could impact elections or even the candidates themselves.”

The analysts also predict that hacks targeting mobile devices and new payment methodologies will impact payment security more than Europay, MasterCard and Visa (EMV). As non-traditional payment methods on mobile devices or via beacons and smart carts increase, researchers anticipate that it will open doors for a new wave of retail data breaches.

Security maintenance costs are also expected to increase, creating major problems with the Internet and security practices. The year 2015 revealed that certificates of many of the most popular websites on the Internet are not as secure as they should be. There are also additional problems including old and broken JavaScript versions that invite compromise; rapid OS updates and new trends in software end-of-life processes that cause havoc; as well as new applications built on recycled code with old vulnerabilities. Experts believe all of these will affect security processes and outcomes for 2016.

As of Nov. 2015, the number of generic top-level domains (gTLDs) exceeds 700 domains, with about 1,900 more on the waiting list. Researchers say that as new top-line domains emerge, they will be rapidly colonized by attackers even before legitimate users. Experts say criminals and nation-state attackers could take advantage of domain confusion to create highly effective social engineering lures, which will steer unsuspecting users toward malware and data theft.

Offerings of insurance companies are expected to mature with qualifications, exceptions and exemptions, which will allow them to refuse payment for breaches caused by ineffective security practices. However, premiums and payouts are expected to become more aligned with underlying security postures and better models of the cost of an actual breach. Raytheon|Websense experts say insurance companies will greatly affect security programs, as requirements for insurance become as significant as many regulatory requirements (PCI, HIPAA, ISO 27001).

The boundaries between corporate and personal devices have become blurrier, they said, causing increasing friction and security challenges, which affect critical infrastructure. Industries that utilize a large number of connected devices and networked systems in the course of their everyday business, such as healthcare, are likely to face a wider range of security vulnerabilities and threats.

Outside of the traditional financial services installation base, a more aggressive adoption of data theft prevention strategies are expected, and is due to the many public breaches of 2015, the predicted changes in cyber insurance, as well as increased visibility in the boardroom relating to all things cyber and continued concern for data loss.

“Smart cyber security is no longer about just preventing a breach, but building the resiliency and the flexibility to respond to and minimize the potential negative outcomes of a breach,” Douglas said.

The frequency of data breaches seen in 2015 is on the rise, changing the way personally identifiable information (PII) is viewed. Further breaches and loss of PII is expected to drive major shifts in how privacy is perceived. The experts believe that just as the last decade saw the introduction of “the right to be forgotten,” it should be anticipated that within the next decade similar large shifts in privacy rights and expectations will emerge.

“2015 will be seen in retrospect as a watershed year for information security, as many of the evolving threats and security practices now emerging will be directly attributable to events in this last year,” Leonard noted.

“The evolution and expansion of an aging Internet will present significant opportunity for attackers while simultaneously tripping up defenders,” he added.

For more on this story go to: http://www.legaltechnews.com/id=1202746107366/Cybersecurity-Experts-Predict-an-Increase-in-Data-Breaches-for-2016#ixzz3wHxcnUt9