The past year brought a staggering number of high-profile data breaches and other cyberattacks. As usual, most hackers waged attacks for financial gain. But 2015 also saw a handful of others beginning to take action for moral reasons, targeting companies they believed were doing wrong.
In the coming year, security experts expect there to be other new types of hacks that diverge from the standard blueprint. Below, find out the surprising (and scary) developments they're betting on.
1. Destructive attacks worsen.
Not only will cybercriminals have a greater variety of motives, they will also increase their range of targets, Patrick Peterson, founder and CEO of security firm Agari, tells Inc. "Businesses and government entities that have never seen themselves in the crosshairs will move into the scope for these diversifying attackers," Peterson warns. Nontraditional targets such as power plants and consumer sites and applications are among those that could become victims.
2. Social engineering gets personal.
Social engineering, the act of tricking someone to reveal desired information either in person or through electronic communication, is not new. But criminals will continue to use it in creative and effective ways, taking advantage of the fact that humans are the weakest link in any company's security. "They will pick one company, then one unsuspecting individual within that company to prey on," Peterson says. "Using information on that person, gleaned through the sites they've visited or data the hacker has purchased, the bad actors will convince the good ones to unknowingly betray themselves, and ultimately the organizations for which they work."
3. Attacks through apps.
If you've ever read privacy policies for mobile apps, you know that some apps access your email, contacts, and text messages. Hackers have already targeted massively popular apps like Snapchat, but these new attacks will go further--the personal information will serve as the basis for a larger scheme. "An attack entry point via an app on a mobile device may well be able to access a whole company network," Margee Abrams, director of IT security services for Neustar, tells Inc. "In 2016, we will see many more companies recognizing this threat and applying for a professional vulnerability assessment that identifies potential security holes in networks, wireless networks, and applications."
4. Internet of things hacks increase.
As more types of equipment connect to the internet, expect a host of new attacks to originate through them. The so-called internet of things "will become central to 'land and expand' attacks in which hackers will take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and hardware to which they connect," says Derek Manky, global security strategist for cybersecurity firm Fortinet.
5. Laws on infrastructure security.
There have already been hacks that caused physical damage in the offline world, but experts are warning that 2016 might bring an attack on critical infrastructure. The result, they predict, will be new laws to shore up the electrical grid, nuclear power plants, and other large energy facilities. "This year we will see governments making compliance mandatory across all critical infrastructure industries--with real consequences for non-compliance," says Yo Delmar, vice president of MetricStream, a governance, risk, and compliance firm.