New Year’s Cyber Security Predictions

January 7, 2016 |
Decorative Image of 2016

2015 brought some of the most aggressive cyberattacks and security breaches in history. From Anthem, to JPMorgan Chase, to the CIA director’s emails, nothing was sacred. An early 2015 Lloyd’s report estimated that companies lose $400 billion annually from cybercrimes, and premiums for cybercrimes had become one of the hottest forms of insurance.

The key takeaway from 2015 is that hackers, criminals and those lurking in the dark web marketplace are getting faster, smarter and more brazen about attacks. Law enforcement is evolving approaches to catch these thieves, but with limited resources it is more important than ever that companies take greater responsibility for updating outdated security infrastructures, and better protect themselves.

Therefore, it’s time to take action, share information and update approaches to prepare for what’s inevitably coming.

Unfortunately, attacks will intensify in 2016. We’re already seeing signs of aggressive strategies assailants will take. I believe the following cyber threats are the most likely to increase in the coming year:

Hackers-for-Hire

The dark web is quickly becoming a virtual flea market for nefarious sorts looking to deploy cybercrimes. Through these sites, those intending to do harm to a corporate network, gain sensitive information, or conduct corporate espionage connect with like-minded individuals with the technology and know-how to deploy sophisticated cyberattacks. Individual pay-for–play hackers, through phishing attacks and other methods, acquire credentials, which they then either use themselves or sell to others in the cybercrime supply chain, to gain access, and move laterally within VLANs. This trend is growing at an alarming rate, and shows no sign of abating given the continued success rate of cyber criminals.

Nation-State Threats

The most recent example of how nation-state threats are growing is the United States OPM Breach. Gone are the days of spies and clandestine operations: now we are dealing with cyber espionage, which is much more difficult to prove and track. Countries will say, for the record, that they are innocent of cyber espionage, but given the evidence, we know this activity is ramping up.

Data Aggregation – for Downstream Crimes

Criminal organizations will continue to target and correlate data on individuals from unrelated breaches to get a full picture of their identity. These more comprehensive dossiers, sometimes called “fullz”, can then be used for downstream crimes, such as filing false tax returns, applying for new credit, and broader wholesale identity theft.  This data (such as social security numbers, addresses, etc.) resides everywhere—including healthcare organizations and financial services firms—but it is particularly concentrated in accounting firms and government databases. While the Federal Government will take steps to further secure their systems, look for an uptick in breaches of municipal databases in 2016.

As we move forward into 2016, and security weighs heavily on the minds of most business executives, it’s time to think about New Year’s resolutions to address these predictions. We believe that organizations need to rethink their security, and take a Zero Trust approach, which truly enforces the Principle of Least Privilege, consistently at both the application and network level.

Read about Cryptzone’s approach to a zero trust, software-defined perimeter access security by downloading our white paper titled, After the Perimeter: How a ‘Segment of One’ Simplifies and Improves Security. It’s not about completely replacing, but rather enhancing and adding needed layers, and proactive approaches to address the changing threat landscape.

Back to Blog Home

Leo Taddeo

Leo Taddeo
Chief Security Officer
www.cryptzone.com

Leo Taddeo is the Chief Security Officer (CSO) for Cryptzone, a provider of dynamic, context-aware network, application and content security solutions. Taddeo, former Special Agent in Charge of the Special Operations/Cyber Division of the FBI’s New York Office, is responsible for analyzing the cybersecurity market to help shape Cryptzone’s vision for security solutions. Taddeo provides deep domain insight into the techniques, tactics and procedures used by cybercriminals, to help Cryptzone continue to develop disruptive solutions that enable customers to defend against advanced threats and breaches.

Prior to Cryptzone, Taddeo led more than 400 agents and professional support staff in cyber investigations, surveillance operations, information technology support and crisis management for the FBI. He oversaw high profile cases, including Silk Road, Blackshades and JP Morgan.

Previously, Taddeo served as a Section Chief in the International Operations Division, where he managed FBI operations in Africa, Asia and the Middle East. Taddeo has held various roles of increasing responsibilities in the field, including supervising a joint FBI/New York City Police Department Joint Terrorism Task Force and serving as the Legal Attaché in Rome, Italy.

After receiving his degree in applied physics from Rensselaer Polytechnic Institute in 1987, Taddeo served as a tank officer in the U.S. Marine Corps. In 1991, he was awarded a Purple Heart and Bronze Star Medal for valor for service in the Gulf War. Taddeo then earned a Juris Doctor from St. John’s University and joined the New York law firm of Mound, Cotton & Wollan, where he practiced civil litigation until entering the FBI.

Taddeo is a graduate of the CISO Executive Program at Carnegie Mellon University. He also maintains the Certified Information Systems Security Professional (CISSP) and GIAC Certified Incident Handler certifications.

Leave a Reply

Your email address will not be published. Required fields are marked *