2015 has been a horror year on the security front, with a long list of high-profile corporations and even the Internal Revenue Service finding themselves at the mercy of a variety of bad actors.

The question for the year ahead is will the enterprise security landscape see an improvement as security tools continue to evolve to face new challenges, or will the landscape get worse as hackers continue to evolve more quickly in the never end arms race in the space?

As part of our series of predictions for 2016, Blue Coat Systems, Inc.’s Chief Technology Officer and Senior Vice President Dr. Hugh Thompson shares his thoughts for the year ahead, and they are primarily not positive with a lead prediction that we can expect to see an increase in breaches of cloud services, but conversely 2016 will see companies prioritize their response and analysis capability.

Here are Thompson’s predictions for the year ahead.

As more organizations store their most valuable data in the cloud (customer and employee data, intellectual property, etc.), bad actors will find new ways to gain access to this data.

In 2016, Thompson expects to see an increase in breaches of cloud services, with hackers using credentials to cloud services as a major attack vector complete with social engineering tactics that focus on mimicking cloud login screens to gain credentials.

Mobile malware and ransomware will both increase in the coming year.

Thompson believes a fresh new target is the mobile device — phones and tablets are already seeing a rise in ransomware.

Criminals will also move from primarily targeting individuals to organizations that have not properly backed up their sensitive data, with the recently discovered Linux.Encoder ransomware being a good example of how ransomware continues to evolve.

As cloud services like Office365, GoogleDrive, Dropbox and Box continue to increase in popularity, hackers will keep leveraging these services.

Thompson says these services are ideal for hackers as they are free to set up, they offer free SSL and they are generally not blocked.

Encrypted traffic will continue to create blind spots for security controls as privacy activists attempt to encrypt the entire web, but with adversaries hiding in plain sight, operating and communicating on encrypted traffic and channels, there will be strong interest in encrypted networks.

As breaches increase, companies will prioritize their response and analysis capability.

“It seems that every year is deemed the ‘Year of the Breach,’ and each year more and bigger-name companies are falling victim to breaches,” Thompson noted. “Today, breaches are commonplace and people are becoming desensitized to them. As a result, many feel helpless against these threats, causing companies to prioritize their response and analysis capability, as well as their breach insurance.”

IoT is a new, greenfield area for hacking and learning.

The Point of Sale (PoS) hacks over the last few years are just a start, Thompson said, with the prevalence of Internet-connected devices that are often left unsupervised and unsecured making them a haven for control and manipulation.

Many IoT devices lack significant memory space or Operating System capability and, as such, treating them like endpoint agents will fail – this will enable the hacker community to exploit IoT vulnerabilities both to get headlines and for more nefarious purposes (simply turning devices on or off).

The whole world wants in on cybercrime.

Thompson stated that we are starting to see a broader spread in the sophistication level of nation state’s attacks, with some, such as Nigeria, now entering the fray with more sophisticated attacks.

Conversely, China and North Korea have done little to evolve their attacks over the last five years while continuing to remain successful, in part, due to the persistence of these attacks, while Russia has evolved significantly in the last several years, both in terms of activity and sophistication.

Conflicts throughout the world in 2016 will bring with them hardware-connected attacks.

The failure to build up cyber talent will be a huge issue over the next five years.

Thompson believes that the failure of organizations and countries to build up cyber talent, with demand for information security professionals is expected to grow by 53 percent through 2018, will increasingly become a huge issue.

Security jobs will be filled by Managed Security Service Provider’s (MSSPs), but the cost will not go down.

Products will have to get better and smarter to drive change, and the private industry will need to change the trend and get investments to get people interested.

Image credit: Blue Coat