A lot has changed in the security industry over the past 12 months, including a rise in cyber attacks against high-profile firms, the genesis of global cyber peace deals and the harsh realisation that no-one is safe from online threats.
Meanwhile, experts warned that cyber crime is no longer a problem for the IT department alone. It is a boardroom issue and it became apparent in 2015 that the consequences of a major hack can include financial ruin, job losses, extortion and loss of reputation.
The cyber crime statistics are hardly comforting. The UK government estimated that online crime now costs the country £27bn a year, while a recent report by PricewaterhouseCoopers indicated that cyber incidents have risen by 38 percent since 2014.
Carl Leonard, principal security analyst at Raytheon/Websense, said that 2015 was a "watershed year" for information security. "Many of the evolving threats and security practices now emerging will be directly attributable to events in this past year," he warned.
To this end, V3 asked a range of security experts and industry professionals about the security trends likely to emerge in 2016.
Breaches will continue
TalkTalk, Ashley Madison, Target, VTech, Experian and JD Wetherspoon make up only a small proportion of the businesses hit by breaches in 2015. It's a list that no chief executive wants to join.
Unfortunately, the trend of consistent and destructive cyber attacks is going to continue into the next year. "This year we have seen major attacks against large enterprises, government agencies and even dating sites," explained McAfee security expert Bruce Snell in a 2016 prediction report.
"We're no longer talking just about defaced homepages. Personal information, including credit cards, Social Security numbers and addresses, for millions of individuals have been stolen this year alone."
Bharat Mistry, security expert at Trend Micro, agreed, warning that hackers and cyber criminals will develop more sophisticated techniques over the next year.
"In 2016 threat actors will seek to better understand user psychology than the technical nuances of an attack. These cyber criminals are primarily driven by a need to shorten the distance between them and their goal: money," he told V3.
The rapid expansion of online tools available for purchase on the dark web, including ransomware and denial of service (DoS) programs, will increase the threat of extortion.
"Ransomware and DoS attacks will increase in frequency in the next year. There have been a growing number of blackmail attempts, threatening a company's resources with distributed DoS attacks if they do not paid a sum of money," warned Andrew Tang, service director at MTI Technology.
"They do not demand high levels of technical ability and the rewards can be great. Many companies cannot afford lengthy downtime on their servers and will pay the sum demanded, even without any guarantee that the attackers will not return."
Sean Sullivan, security adviser at F-Secure, concurred with this assetment, believing Windows-based threats will be more prevelant.
"I think cyber extortion will definitely continue to trend strongly in 2016, largely driven by Windows-based crypto-ransomware," he told V3.
"We'll definitely see more experimentation and I won't be surprised if a stable scheme develops as a result. Recent encryption/extortion attacks aimed at Linux servers is a very worrying development."
Politics will play a greater role
Countries including the UK, the US, China and Germany all met to discuss peace agreements in 2015 designed to curb cyber espionage and theft of intellectual property.
Paul Farrington, senior solution architect at Veracode, told V3 that politics will continue to play a vital role. "We will look to our leaders, think-tanks, trusted institutions and even brands for clarification on this issue and help to protect us in cyber space," he said.
"In the UK, the government is currently weighing up individual liberties and freedoms against the need to secure the population, but there are contradictions in this discussion between advising people to use secure cryptography such that our communications can't be monitored if necessary."
Pravin Kothari, founder and CEO of security firm CipherCloud, explained that European politics will also play a bigger role in cyber security.
"Regulators have had much success defining privacy principles that shape how businesses will handle citizen information, for example the forthcoming Data Protection Regulation and the Safe Harbour suspension," he said.
"The recent escalation in terror activities is also reviving policy-maker scrutiny on national security practices. This has resulted in revived calls for weakening security tools and expanding surveillance powers."
The Investigatory Powers Bill is currently facing scrutiny in the UK parliament and is expected next year.
Legal reform will take hold
Ross McKean, partner and head of data protection law at law firm Olswang LLP, said that the new General Data Protection Regulation (GDPR) will be one of the biggest changes next year.
"With publication of the final regulation expected early in 2016, the clock will start ticking on the introduction of the most significant changes to data laws for a generation across Europe in 2018," he told V3.
"Revenue-based fines and mandatory breach notification laws are on their way. A paradigm change is required in the way organisations collect and use data and that will take time and effort."
Greg Day, chief security officer at Palo Alto Networks, agreed that new security laws will affect many firms' cyber strategies in 2016.
"The Network Information Security Directive and GDPR reform will have a material impact on cyber strategies in 2016," he said.
"Businesses, whether part of critical national infrastructure or those that handle more than the expected 5,000 EU citizens' records, will be required to have security capabilities aligned to current state-of-the-art capabilities, the latter regulation being aligned to their risk profile."
The expansion of artificial intelligence
Mike Turner, vice president and chief security officer at Capgemini Consulting, explained that more practical use cases for artificial intelligence (AI) in security will emerge in the next year.
"AI has the ability to anticipate issues before they arise through threat analysis, threat detection and threat modelling," he said.
"If a human manually checks systems monthly, depending on the timing of the attack it could be 30 days before analysis begins and complex logs would still need days or weeks to analyse.
"AI can ensure the company does not lose any further data and can react to the breach much quicker. The potential for AI's development in this area is huge, but the biggest barrier in the year ahead will be how much we're prepared to let it take control."
The strengthening of passwords
There will be a bigger uptake of two-factor authentication and a wider use of biometrics in 2016, according to Mark James, security specialist at ESET.
"We will see a bloom in Internet of Things technology and uptake. With the increase in mobiles and tablets keeping us connected in every way possible, a lot more devices will end up being connected and sending information to all corners of the globe providing a wealth of data waiting to be plundered," he warned.
"I think we will have to see a bigger uptake of two-factor authentication, including a wider choice of all types of biometrics."
More people will bring smartwatches and wearables into the workplace next year, which experts say could be a cause for concern.
"As more devices become connected, the security implications will grow. Most of these devices will not be looked on as a security risk, but they can, and will, be exploited as any other connected device," said Garry Sidaway, senior vice president of security strategy at NTT Security.
"Most companies have controls and processes in place to manage bring-your-own mobile devices like phones and tablets, but wearables and connected devices are not yet typically considered part of an organisation's risk management strategy."
Whatever happens in the security industry over the next 12 months, it is clear that companies need to be aware of the risks and prepared for the inevitable cyber crisis.
Intel wants to get inside your car, despite missing out on mobile
'We'll keep fighting to fight to keep the web free and open,' claim EFF
Breached in March by the same attackers, claim 'insiders'
And all for less than £150, according to Keith