What security threats will enterprises face in 2015? [Q&A]
Last year saw a number of high-profile security incidents hit businesses, from attacks on individual companies to bugs like Heartbleed that had the potential to affect large numbers of organizations.
Can we expect more of the same in 2015 or will the threat landscape continue to evolve? We spoke to Mark Bermingham, director of global B2B marketing at Kaspersky Lab, to find out.
BN: We've seen cybercriminals become much more businesslike with the dark web being used to sell tools and services. Can the security industry combat this or does it risk driving the perpetrators further underground?
MB: Cybercriminals have recently become more focused on stealth attacks. While this is their focus, Kaspersky Lab has evolved its discovery techniques to keep pace with the renewed emphasis on malware authors attempting to hide or erase their tracks. It's become a complicated game of cat and mouse. However, it's important to acknowledge that as malware increasingly becomes more sophisticated, one specific goal of cybercriminals is to attempt to be completely anonymous.
BN: Windows has historically been the main target for malware but we're starting to see that spread to Android and other systems. Can we expect to see more systems including iOS and Linux becoming vulnerable?
MB: One of the largest growth areas for malware is mobile. We've seen mobile malware spike significantly over the last couple of years. As consumers and businesses shift to using mobile devices for a greater percentage of their daily activities, cybercriminals will place a larger emphasis on targeting these platforms -- specifically Android and jailbroken iOS devices. Remote find, lock and wipe aren’t enough. Containerization is an excellent vehicle for ensuring isolation and separation of corporate and personal data on mobile devices, but these measures offer reactive security. It is critical for businesses to place mobile security agents on these devices, with capabilities like anti-malware, anti-spam and anti-phishing, to ensure proactive security.
BN: Is there a trend towards attacks becoming more targeted with a view to stealing financial information or intellectual property?
MB: There isn't a clear-cut answer. It is important to note that stolen data assets are often monetized and that both attack types have increased and will likely remain high. In fact, we recently conducted a survey that found 94 percent of organizations encountered at least one cybersecurity incident in the past 12 months. Of these incidents, the number of organizations that reported having at least one targeted attack rose substantially, with 12 percent of respondents indicating that they experienced at least one targeted attack in the past year. However, I expect we'll see more financial impacts being publicized as businesses, and particularly consumers, become more comfortable and increase financial transactions via the Internet. This will likely become an attractive target for malware authors.
BN: Mobile payment systems are expected to take off in a big way this year. How can consumers and retailers ensure they stay protected when using mobile in new ways?
MB: Ensure due diligence with these devices. Deploy security agents when and where possible. Implement the security measures that are available with some devices like encryption and basic credential checks. Don't store passwords on these devices or have settings in place that don't require passwords. And make sure that you have a plan in place should a device become lost or stolen.
BN: As more and more devices get connected to the Internet of Things, will they become subject to mass attacks and how can the data they hold be protected?
MB: IoT presents a new challenge for vendors like Kaspersky Lab since these devices will operate differently from traditional devices where security is understood to be required. Over time, the IoT will likely become a target -- especially as it becomes more connected to personal and corporate devices. These devices will require security in place, but special challenges exist in this space because of the functional goals of IoT. This is an emerging space and security requirements continue to evolve, but this environment will likely be a target of attack and security must be a key consideration.
BN: Recent events like the Sony hack have led to fears of state-sponsored hacking and malware. How real a threat is this and will we see governments becoming more involved in combating cyber threats?
MB: This is a trend that may continue, but these are generally extremely well-funded, highly sophisticated attacks designed with a specific purpose and are laser-focused. There is generally a tremendous effort with these types of attacks for cybercriminals to hide their tracks, so these are some of the most difficult types of attacks to identify. The threat resulting from these attacks is that malware authors often learn from these sophisticated attacks and deploy similar techniques on businesses and consumers.
BN: Finally, what simple steps can businesses take today to help protect themselves?
MB: Perform due diligence when selecting and deploying security in your environment. The game has become more complex so your security infrastructure must keep pace. Deploying a best-in-breed AV solution is a tremendous first step, but not all AV is created alike. Small differences in AV efficacy have a significant impact. Additionally, security tools such as controls, patch management, encryption and others are critical to evaluate.