ThreatMetrix 2016 Cybercrime Predictions
Posted December 4, 2015
This year has seen record cybercrime, with cyberattacks costing businesses about half a trillion dollars – conservatively – in 2015 alone.
Few consumers have been spared in the onslaught; according to ZDNet, nearly every American has been affected by at least one data breach in 2015, including top breaches targeting the U.S. Office of Personnel Management (OPM), Trump Hotel Chain, Experian/T-Mobile and Anthem Healthcare.
With the New Year around the corner and attacks showing no signs of slowing down, we gathered insights from several ThreatMetrix executives to compile 16 cybercrime predictions for 2016, which fall under four core themes.
In 2016, every business is a digital business.
Traditional businesses will be vulnerable to disruption, and emerging industries will face new threats.
- Consumers will have more online accounts and digital touchpoints than ever before.
- The continued growth in mobile devices and smart IoT devices (watches, cars, thermostats) puts the burden on businesses to be able to recognize customers across various touchpoints.
- Mobile will surpass 50% of all e-commerce and financial transactions.
- Consumers will increasingly demand convenient methods of payments, leading to more mobile-friendly payments (and an increase in fraud surrounding these payments).
- Growth in mobile device use will bring the unbanked and underbanked into the fold.
- Cybercriminals will determine new ways to target alternative payments, including online lending and crowdfunding platforms.
- With the proliferation of cross-border money transfer, the tools and processes necessary to stop cybercrime must have the same global perspective.
- Growth of social and crowdsourcing platforms make the concept of identity verification crucial.
- EMV migration will secure card-present and drive increased focus by fraudsters on digital channels.
- As we’ve said before, fraud activity naturally flows to the area of least resistance.
- In 2016, we will see an increase in fraud targeting new account originations in financial services.
- Companies with large volumes of digital business will look for layered security solutions.
- These include solutions that can orchestrate multiple vendors and evaluate risk throughout the session – from login through every interaction – to make better business decisions.
The use of data in customer decisioning will shape business fortunes… and the C suite.
Businesses’ ability to compete will be predicated on the degree to which they understand and recognize their customers.
- User experience will become a central consideration in the cybersecurity buying process.
- As champions of the user experience, chief customer officers and chief digital officers will have direct input in cybersecurity/fraud prevention purchasing decisions.
- Their motive? Tools and processes need to be real time and frictionless in a digital world. Their goal? Technology that keeps out the bad guys without turning off customers or introducing unnecessary friction.
- Cybersecurity will gain a stronger foothold in the C-suite.
- Cybersecurity will more regularly impact both major and day-to-day business decisions.
- We’ll see at least one C-level dismissal in the Fortune 500 due to a cybersecurity incident in 2016.
- Businesses will increasingly experience the downstream effects of data breaches.
- More data breaches will occur as digital identities are compromised and cybercriminals use these stolen credentials for fraudulent activity.
- Customers don’t differentiate between a network breach and an account breach and assume the fault lies with the businesses they trust.
Attacks will become increasingly global and more complex.
Cybersecurity will be a center-stage issue globally in 2016.
- Retailers will fall victim to more attacks using stolen credentials.
- Cybercriminals are getting more organized in laying traps and mining data following data breaches.
- Online businesses are facing low-frequency botnet attacks designed to evade detection by appearing as legitimate traffic.
- We will see the continued growth of nation state cybercrime, as organized crime rings continue to expand and terrorism moves online.
- Gone are the days when individual actors and small crime rings are the only ones responsible for cybercrime.
- Nation state cybercrime is government backed and well-funded, opening the door to more expansive, sophisticated threats.
- Cybersecurity will be a major tenet of the 2016 U.S. presidential campaign.
- Focus will be on public institutions, private businesses and individual security.
- Smart “things” need smart cybersecurity
- There will be a shift from the Internet of “Things” to the Internet of “You.”
The Year of the Digital Identity
Fraud strategies will put digital identity intelligence front and center in 2016.
- Continued security failings will bring more regulations, mandates and retail sector controls.
- Technologies will move toward being able to leverage big data in an anonymized fashion, which will pave the way for more stringent EU DP laws which will affect all global organizations operating in EU.
- Global information sharing and collaboration will increase.
- Businesses will recognize the benefits of shared intelligence as opposed to standing alone in the fight against cybercrime.
- There will be a push for information sharing among U.S. businesses in part due to the federal Cybersecurity Information Sharing Act (CISA).
- The role of static PII in identity assessment and authentication will continue its slow and painful death.
- Post-breach, traditional static data has become ineffective, and 2016 will see an increase in organized fraud using consumer data harvested from multiple sources.
- Businesses increasingly see the value of a multichannel, multi-industry, multi-device view of user data.
- The consumer is – or should be – at the center, and constant insight across channels is increasingly critical. Businesses must rely on dynamic sources of data for identity assessment and consumer authentication.
- 2016 is the year of the digital identity.
- In light of data breaches, businesses need a 360-degree view of the related identities, behaviors and threats associated with a user’s device(s) to have a grasp on whether they are a valuable customer or cybercriminal.