←All Posts Posted on January 10, 2015 By admin
Last year saw a number of high profile information security incidents. These ranged from targeted attacks on particular businesses, such as Sony, to vulnerabilities like Heartbleed that had the potential to affect a large part of the web.
It would be naïve to think that we won’t see similar incidents in 2015. But what are the areas where we’re likely to see information security making the news this year?
Whist there’s a popular image of hackers remotely attacking computer systems, often threats to businesses come from insiders who already have legitimate access to systems. These may be employees but could also be third-parties such as contractors or consultants.
If information is being stolen from within it may take longer to come to light and it can be much harder to trace and determine the extent of the problem when it does. This means security breaches stemming from insiders can prove more damaging than those that come from outside the organisation.
The situation is made worse by tighter budgets and cost cutting which can lead to shortages of skilled staff and a delay in instituting a suitable incident response. Recent figures show that some information security budgets have even declined in recent years. Smaller companies in particular may not be spending enough to ensure their systems stay safe.
As devices like smartphones and tablets have become more affordable, so there’s been increased demand to allow mobile working. Whether this is in the form of devices supplied by the employer or a BYOD policy, it opens up a range of new issues when it comes to keeping equipment and information secure.
Companies are increasingly turning to mobile device management (MDM) and mobile application management (MAM) solutions. These allow separation of business and personal data and provide a ‘kill switch’ to wipe data should the device be lost or stolen.
This is a trend that seems set to continue in 2015 and at the very least companies need to have in place a policy to deal with mobile device usage.
Ransomware has been around for a while, restricting access to the computer in order to extort money from the victim. It’s a particular threat to individuals and smaller businesses, and it’s likely to become more sophisticated in both its methods and its targets.
According to security company McAfee, ransomware will seek to target systems that are linked to cloud storage solutions. By encrypting storage like Dropbox or Google Drive it will have a much more severe impact. Users may find that their cloud backup copies have also been locked by the malware making it harder to recover.
Increasingly companies are turning to the cloud as a way of reducing their IT costs and it therefore becomes much more attractive as a target for cyber criminals.
State-Sponsored Hacking and Hacktivism
John Nesbitt, founder of Cyber Senate, a community of global cyber security business leaders famously warned recently that, “the next world war will be fought on a keyboard.” With the recent Sony hack we’ve seen increasing evidence that some national governments may be involved in the attack or use it for obtaining a political benefit.
This could be to undermine or gain an advantage over other states. It could also be to obtain sensitive information. There may be overt attempts to cause disruption – probably by smaller states or cyber terrorists, but those with more experience and bigger budgets will be much more stealthy about their activities.
Already ‘hacktivist’ groups are pooling their resources to share knowledge and launch coordinated attacks on a worldwide scale. This is something that is set to become more common with more sophisticated exploits being used to launch attacks.
Of course it isn’t just other governments that are at risk. It’s equally likely that foreign governments will want to snoop on corporate and private networks. This is especially true for high-profile industries like power generation and defence suppliers.
Many enterprises are turning to insurance to guard against the costs associated with losing data. This can help cover the cost of computer forensics investigations following a breach or with clean up and compensation costs. On a more positive note having insurance can spur companies to take better security measures in order to reduce their premiums.
Whilst the traditional attack routes, like remote code execution to perpetrate drive by attacks, will continue the use of other methods will come into play. DNS for example will play a bigger role in attacks.
There’s already evidence that the use of DNS to provide website spoofing, command and control for malware and to amplify denial of service attacks is on the increase.
Finally the after effects of code vulnerabilities like 2014’s Shellshock and Heartbleed will continue to be felt. The sheer size of the web means that it takes time to address flaws that have the potential to affect thousands of computer devices.