By Steve Weisman, Special for USA TODAY
Last year I quoted late, great sage and Hall of Fame baseball player Yogi Berra. Yogi once noted, "It's tough to make predictions especially about the future."
Fortunately for me, mine for 2015 were accurate. And so I will venture out to again make predictions, many of which should be considered warnings, for 2016 — as I remain all the while cognizant of the words of the Chinese philosopher Lao Tzu that "those who have knowledge, don't predict. Those who predict don't have knowledge."
So here are my cybersecurity predictions for 2016:
- The Internet of Things will increasingly be exploited by hackers. With more and more products including cars, refrigerators, coffee makers, televisions, smartwatches, webcams, copy machines, toys and even medical devices being connected to the Internet, the Internet of Things will become a prime target for hackers to exploit in many ways.
- Ransomware, whereby hackers take control of the data in their victims' computers, encrypt the data and threaten to destroy the data unless the victims pay a ransom, has evolved into a bigger problem than many people may be aware of, because many of the victims of ransomware do not report the attacks out of concern about adverse publicity. Companies of all sorts and governmental agencies have become victims of ransomware. The sophistication of the malware used as ransomware makes this a tremendous threat. In addition, while in the past ransomware has been used primarily for financial extortion, it can be expected that terrorists and others may use this malware purely to attack a target and destroy its data without any financial purpose.
- As more and more data migrates to the cloud, hackers will focus their attention on infiltrating the cloud. As so often is the case, the cloud may be more vulnerable due to the security measures used by the people and companies using the cloud rather than inherent security weaknesses in the companies providing cloud services.
- ISIS and other terrorist groups will attempt to conduct cyberwarfare, including trying to attack vulnerable computer-connected infrastructure such as energy facilities.
- Spear phishing, the primary method for implanting malware in the computers targeted by hackers, will become more and more difficult to identify as hackers are able to harvest personal information from both public sources and stolen private sources to make their spear phishing emails appear legitimate. In particular, social media will provide tremendous amounts of personal information that will be exploited by identity thieves and scammers to tailor spear phishing emails and scams to their victims.
- Small and medium-sized businesses will become increasingly targeted for data breaches that can be exploited for purposes of identity theft as they become perceived as the low-hanging fruit for cybercriminals.
- The creation and sale by sophisticated cybercriminals of Exploit Kits, software that relatively unsophisticated cybercriminals can use to identify vulnerabilities in computer systems that can then be exploited by malware, will increase.
- Although, in the wake of the massive data breach at the Office of Personnel Management (OPM), the federal government has made a concerted effort to increase computer security, the problem is too big and the government is too cumbersome to make the dramatic across-the-board changes necessary to prevent another major and embarrassing data breach at one or more federal agencies.
- As more and more people do large amounts of their financial dealings on their smartphones, these devices will increasingly be targeted by identity thieves seeking to exploit vulnerabilities in the Android systems and Apple's iOS. Hackers will also take advantage of smartphone users failing to use basic security precautions such as having a complex password for their smartphones or failing to install and continually update anti-virus and anti-malware software.
- The financial system will come under increased attack in creative ways such as stealing "insider" information and using it to profit through stock trading. Pump and dump schemes will be done on a large scale based on stolen data identifying vulnerable victims. Banks worldwide will continue to be targeted by criminals attacking not just particular accounts, but the accounting systems of the banks to make their crimes more difficult to recognize.
- The health care industry will remain the largest segment of the economy to be victimized by data breaches both because, as an industry, it does not provide sufficient data security and because the sale of medical insurance information on the black market is more lucrative than selling stolen credit and debit card information. Medical identity theft is not only the most costly for its individual victims to recover from, but also presents a potentially deadly threat when the identity thief's medical information becomes intermingled with the medical identity theft victim's medical records.
- Although data breaches have not been discovered at major retailers during this holiday shopping season, that does not mean that they have not occurred. It only means that they have not yet been discovered. You can expect that in 2016 we will learn about major retailers whose credit and debit card processing equipment has already been hacked.
- The computers of the candidates for President of the United States present too tempting a target to a wide range of hackers from those merely looking to embarrass a candidate to those seeking financial information about political contributions. Expect one or more candidates to have their campaigns' computers hacked.
As scary as this baker's dozen of predictions and warnings may be, there are many things we can do to increase our own personal cybersecurity. I will discuss those in my first column of the new year.