Partner Article

14 Security Predictions for 2014

Check Point’s VP of product management, Gabi Reish, looks back at how accurate security forecasts for 2013 proved to be, and gives his predictions for the year ahead.

With the end of 2013 approaching, we start looking forward to the coming year, to try and predict what lies ahead. It’s also useful to reflect on what’s happened in the past 12 months, to see how accurate our previous predictions proved to be.

Check Point’s top five predicted security threats for 2013 were social engineering, APTs, internal threats, BYOD, and cloud. All five predictions were realised, especially internal threats, with Edward Snowden’s NSA security breach being among the biggest data leaks ever by an insider.

Like most IT security professionals, I really want my predictions not to come true: I would prefer organisations didn’t get hacked, infected by malware, or suffer data breaches. But by predicting the next wave of threats, we hope to help organisations stay on top of the evolving tactics and exploits that criminals will use to target them. So here are my 14 predictions for 2014, covering 10 major security threats to businesses, followed by four ways in which defences will evolve.

1. Social engineering

This isn’t a new threat, but it’s showing no sign of getting old. Social engineering using targeted emails remains the primary method for launching malware and phishing attacks on businesses. One of the most recent is the large-scale Cryptolocker ransomware attack, which arrives in plausible-looking bank-related emails, and uses ultra-strong encryption to permanently scramble business data unless a ransom is paid to the attacker.

2. Internal threats

Again, not a new threat, but it’s still a huge risk – as mentioned earlier in the case of the NSA breach by a trusted insider. Senior figures at the NSA have said only 20 of its staff should have had access to the classified data that was downloaded and released by Snowden. Trust is a precious commodity, and is all too easily exploited.

3. Targeted malware campaigns

At the end of 2012, the ‘Eurograbber’ attack, which stole nearly $50M from 30 banks in Europe, was reported. We can expect more highly sophisticated malware campaigns like this, aimed at stealing either money or intellectual property. And if neither can be stolen, criminals will simply extort money by hijacking or destroying data – as the example of Cryptolocker has shown.

4. Botnet bother

Bots will continue to be a core attack technique, simply because they’re effective. Our 2013 Security Report analysed the networks of nearly 900 companies worldwide, and found 63% had bot infections. 70% of these bots communicated with their command centres every two hours. Bots are here to stay.

5. BYOD = big bills

We may be a little bored of hearing about BYOD, but it’s still a big problem. We surveyed 800 businesses globally in 2013, and 79% had a costly mobile security incident in the past 12 months. 42% said the incident cost over $100,000, and 16% put the cost at over $500,000.

6. Attacks on state interests and infrastructure

State-backed cybersnooping and attacks will continue on all sides of the geopolitical spectrum, targeting military, government and commercial interests. Both the US and UK ran major TV dramas in 2013 that imagined what might happen in the event of major cyberattacks on infrastructure. These are still a very real threat, as attacks such as Stuxnet, Flame and Gauss have shown.

7. Website wars

Financial institutions have been battling waves of distributed denial of service (DDoS) attacks over the past two years. This will spread to a wider range of public sites, aimed at causing downtime and disruption – for example, the US Healthcare.gov (Obamacare) site. We will also see more complex, multi-vector attacks on websites that combine DDoS with account tampering and fraud.

8. Customer data theft

Customer information is still a prize target, as the high-profile hacks which stole tens of millions of users’ credentials from Adobe, Evernote and LivingSocial showed this year. Any organisation which holds volumes of customer data is a target for hackers.

9. Anti-social media

Hijacking Twitter users’ accounts is commonplace: in April, a hacked Associated Press Twitter account issued a bogus report claiming that the White House had been bombed, causing the Dow Jones index to fall 150 points in minutes. Hijacking will start to spread to more business-oriented social media sites, with criminals starting to hijack LinkedIn accounts to help them profile or phish other users to mount attacks.

10. Smart home invasion

As the Internet of Things develops, and more IP-based household appliances are introduced (smart TVs, personal networks, etc.), criminals will look for weaknesses that can be exploited by hooking into these systems to gain personal information – such as your daily living patterns.

Although these 10 threat predictions seem bleak, security protections against threats continue to evolve, too. Here are my four predictions of how defences will develop in 2014.

Unifying layers of security

Single-layer security architectures or multi-vendor point solutions no longer offer effective protection to organisations. We will see more and more vendors attempting to offer unified, single-source solutions through development, partnership and acquisition. This is already happening, and we will see increasing collaboration to fight threats.

Big data

Big data will give tremendous opportunities for threat analytics, enabling identification and analysis of patterns relating to past and emerging threats. Vendors will increasingly integrate these analytics capabilities into their solutions; and enterprises will also invest in their own analytics to help with decision-making through enhanced context and awareness of threats to their business.

Threat collaboration

Security vendors and customers realise that no single organisation can have a complete picture of the threat landscape. Collaborative sharing of threat intelligence is needed to maintain up-to-date protection. This will drive partnerships between security vendors and end-users to augment unified security solutions with the latest intelligence to coordinate the fight against threats.

Cloud consolidation

The cloud is where it will all come together – unified security, big data and threat collaboration. It will be the platform that supports and enables delivery of these enhanced protections to organisations.

This was posted in Bdaily's Members' News section by Check Point.
