How your data will be at risk in 2015
The world of information security is, as we know, a constant arms race between the hackers and cyber criminals and the protection industry.
Since the focus has turned to making money rather than simply causing disruption it's become big business too. 2014's string of retail and other security breaches is testament to this.
The money angle also means that trends in security tend to follow trends in the wider industry. So what do the experts think are going to be the key targets for next year’s attacks and how do they see the industry adapting?
Kaspersky Lab expects payment systems to come under increasing threat as cybercriminals seek to monetize their efforts. It predicts increased levels of attacks against NFC payment systems as technologies like Apple Pay become more popular.
Kaspersky also sees the internet of things as being ripe for exploitation. It expects to see networked printers and other connected devices come under attack as a way of gaining access to corporate systems. ATM and point of sale systems could come under increased threat from advanced persistent threats (APTs) seeking to gain access to their processors. Many of these systems still run variants of XP leaving them vulnerable.
More malware targeted at Mac systems is on the cards too. Although the closed ecosystem makes it harder for malware to take hold, Kaspersky's blog notes that, "[...] there remains a subsection of users who'll gladly disable Mac OS X security measures -- especially people who use pirated software. This means that those looking to hijack OS X systems for a variety of reasons know that they simply need to bundle their malware with desirable software (probably in the form of a key generator) to enjoy widespread success". Since Macs are less likely than PCs to have antivirus solutions installed a successful infection can go undetected for longer.
The success of the recent Sony attack will lead to more of the same according to Jason Lewis, Chief Scientist, at threat intelligence company Lookingglass. "As with all high profile attacks, security spending will increase as a result of the Sony compromise. The cyber impact on PII and Sony employees will force companies to re-evaluate their security. While insider threat solutions have grown in popularity, the trend of external threats moving inside the enterprise is growing".
There will be a greater need for businesses to focus on incorporating security into all aspects of their operations says Shawn Marck, CSO and co-founder of DDoS protection company Black Lotus. "Since cybercriminals don’t limit themselves to targeting just one component of a company, a company can't limit itself to only protecting its offerings and departments in isolated manners. IT and security teams need to investigate every aspect of their enterprise to identify each area that needs to be taken into account for an effective cybersecurity strategy."
Where mobile security is concerned, document sharing service WatchDox sees technology taking a role in keeping company data safe. "In 2015, we'll progress into what Gartner calls the new era of mobile security: making work safe on untrusted devices. Thanks to developments in iOS and Android Lollipop, developers can now create apps that self-destruct in the event that they're opened on a rooted or jailbroken device in order to keep company data safe. This means enterprises can worry less about what devices employees are using, and focus instead on apps and software that can keep data safe wherever it travels", says Ryan Kalember, chief product officer.
Open source software is likely to play a big part in helping companies remain secure too. Oliver Thierry, chief marketing officer of social collaboration specialist Zimbra says, "We can expect to see an uptick in the interest in and implementation of open source software solutions due to the increased continuity and control open source software provides over proprietary solutions. In fact, a November 2014 Ponemon Institute study of U.S. IT professionals found that 74 percent of respondents believe that commercial open source software offers better continuity and control than proprietary software."
Whatever the coming year has to bring one thing is fairly certain, at some point there will be a Heartbleed moment that nobody has foreseen at all.