IT arms race

Security software firms and cybercriminals will continue their game of one-upmanship this year

Cisco Systems says only 45% of organisations worldwide are confident in their security posture. Wichan Charoenkiatpakul

Cyberthreats are constantly evolving, with cyberguardians and cybercriminals working overtime last year to gain an advantage.

More than 20 billion devices are expected to have internet access in four years, forcing individuals and organisations to face an exponentially expanding attack surface.

Trend Micro Inc, a global leader in security software and solutions, recently released its annual security forecast -- "The Fine Line: 2016 Security Predictions" -- which says the consequences of falling behind in this arms race can be catastrophic, elevating discussions on cybersecurity to the boardroom.

"In 2016, continued growth in online extortion, hacktivism and mobile malware is expected, as well as a shift to an offensive cybersecurity posture for government entities and corporations," says Raimund Genes, chief technology officer of Trend Micro, in the report.

"We anticipate 2016 will be a very significant year for both sides of the cybercrime equation."

Governments and enterprises will begin to see the benefit of cybersecurity foresight, with legislative changes and added cybersecurity officers within enterprises, he says.

In addition, as users become more aware of online threats, attackers will react by developing sophisticated, personalised schemes to target individuals and corporations alike, Mr Genes says.

According to the report, 2016 will mark a significant turning point for malvertising.

In the US 48% of consumers use online ad-blocking software, while there was a 41% increase in global use in 2015. As a result, advertisers will seek to alter their approach to online ads, while cybercriminals will try to find other ways to obtain user information.

Online extortion will be accelerated through the use of psychological analysis and social engineering of prospective victims. Hacktivists will be driven to expose even more incriminating information, affecting targets and facilitating secondary infections, says Mr Genes.

Hackers consistently evolve to adapt to their surroundings, and just as online ads are declining the company sees ransomware increasing, says Tom Kellermann, Trend Micro's chief cybersecurity officer, in the report.

"Despite the growth in security investments and legislation, these changes will inevitably bring new, more sophisticated attack vectors," says Mr Kellermann.

Highlights from the 2016 predictions include:

Cybercriminals will devise new ways to personalise attacks, making 2016 the year of online extortion.

Mobile malware will grow to 20 million, primarily affecting China, while targeting new mobile payment options globally.

As more consumer-grade smart devices are used in day-to-day activities, at least one device failure will be lethal in 2016.

Hacktivists will escalate attack methods to systematically destroy targets with high-profile data breaches.

Less than 50% of organisations are expected to have cybersecurity experts on staff by the end of 2016.

Increased ad-blocking products and services will force cybercriminals to find new means to target victims, resulting in fewer malvertisements.

Legislation will expand to a global cybersecurity defence model, allowing for more successful arrests, prosecution and convictions.

Cisco Systems Inc, the world's largest computer network maker, revealed in its annual security report that only 45% of organisations worldwide are confident in their security posture as today's attackers launch more sophisticated, bold and resilient campaigns.

While executives may be uncertain about their security strength, 92% of them agree that regulators and investors will expect companies to manage cybersecurity risk exposure. These leaders are increasing measures to secure their organisations' future, particularly as they digitise their operations.

The Cisco report highlights the challenges businesses face because of the rapid advancements of attackers. Hackers increasingly tap into legitimate resources to launch effective campaigns.

Direct attacks using ransomware alone put US$34 million a year into cybercriminals' hands. These miscreants continue to operate unconstrained by regulatory barriers.

Security challenges inhibit businesses' ability to detect, mitigate and recover from common and professional cyberattacks. Ageing infrastructure and outdated organisational structure and practices are putting them at risk.

The study sounds a global call to arms for greater collaboration and investment in processes, technologies and people to protect against industrialised cybercriminals.

Fortinet, a high-performance network security firm, predicts Internet of Things (IoT) attacks and new evasion techniques will characterise emerging threats in 2016.

Fortinet and its threat research arm, FortiGuard Labs, foresee the IoT and cloud computing gaining in popularity, but new malicious tactics and strategies will create unique challenges for vendors and organisations alike.

FortiGuard forecasts the following cybersecurity trends for 2016:

Increased machine-to-machine attacks and propagation between devices

Several troublesome proofs of concept made headlines in 2015 demonstrating the vulnerability of IoT devices.

In 2016 FortiGuard expects further development of exploits and malware that target trusted communication protocols between these devices. Researchers anticipate IoT will become central to "land and expand" attacks in which hackers take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and connected hardware.

Worms and viruses designed to specifically attack IoT devices

While worms and viruses have been costly and damaging in the past, the potential for harm when they can propagate among millions or billions of devices from wearables to medical hardware is orders of magnitude greater.

FortiGuard researchers and others have already demonstrated it is possible to infect headless devices with small amounts of code that can propagate and persist. Worms and viruses that can propagate from device to device are definitely on the radar.

Attacks on cloud and virtualised infrastructure

The Venom vulnerability that surfaced this year gave a hint about the potential for malware to escape from a hypervisor and access the host operating system in a virtualised environment. Growing reliance on virtualisation and both private and hybrid clouds will make these kinds of attacks even more fruitful for cybercriminals.

Because so many apps access cloud-based systems, mobile devices running compromised apps can potentially provide a vector for remotely attacking public and private clouds and corporate networks to which they are connected.

Techniques that thwart investigations and hide evidence of attacks

Rombertik garnered significant attention in 2015 as one of the first major pieces of "blastware" in the wild. But while blastware is designed to destroy or disable a system when it is detected (and FortiGuard predicts the continued use of this type of malware), "ghostware" is designed to erase the indicators of compromise that many security systems are designed to detect, making it difficult for organisations to track the extent of data loss associated with an attack.

Malware that can evade even advanced sandboxing technologies

Many organisations have turned to sandboxing to detect hidden or unknown malware by observing the behaviour of suspicious files at runtime. But two-faced malware behaves normally while under inspection and then delivers a malicious payload once it has been passed by the sandbox. This can not only prove quite challenging to detect but can also interfere with threat intelligence mechanisms that rely on sandbox rating systems.
