As the new year fast approaches, many enterprises have cyber security at the forefront of their concerns. This year proved to be a milestone for data breaches, and new attack methods continue to emerge every day. A wider variety of threat actors have come onto the scene over the course of 2014, leading to a wider variety of attack methods and a shift in the entry points used by hackers.
While the United States and China have always traded blows in the cyber security arena, data breaches and hacks coming from Russian actors are a relatively new occurrence. This year saw a major influx of cyber activity from former Soviet nations, and most industry experts agree that 2015 will bring more of the same. As the governments of the U.S. and Russia continue to grapple with one another, that tension is expected to encourage more cyber espionage and theft of sensitive data.
“For better or worse, the cyber world is changing faster than the security models used by most organizations, and that will continue to leave us vulnerable to cyber criminals,” said Dave Frymier, vice president and CISO at Unisys, in an interview with Help Net Security.
Below are some of the cyber security trends that are likely to be seen in 2015:
Attacks targeting devices connected to the Internet of Things
Information has become the new global currency. Seemingly innocuous pieces of personal data can be used to create devastating social engineering attacks that can result in the loss of Social Security numbers, financial information or other forms of sensitive data. While thieves have been after credit card numbers for years, things like email passwords and application logins are now desirable targets for cyber criminals.
The Internet of Things is one of the most talked-about advances of the technological age and billions of devices are set to be connected to it in the coming years. A growing number of machines are now Internet-enabled, from coffee makers to washing machines and everything in between. And while this is sure to offer many benefits in the long run, in the short term it creates a multitude of new entry points for hackers to exploit when looking for a way to steal privileged data.
Trend Micro researchers Geoff Grindrod and Katie Wen noted in a blog post that one of the most important steps to take when using a device connected to the IoT is to implement automatic security updates. Not all vendors offer this option, but those that don’t usually provide a semi-automatic process that makes the update available and then sends continuous reminders for users to download the new software.
Grindrod and Wen recommend that all users, even those taking advantage of automatic security updates, utilize some form of data encryption for their IoT-connected devices. Ensuring that encryption capabilities are turned on and are being used properly is an important step to take when working toward protecting personal information and the networks it is stored on.
Threats to mobile devices
Just as the IoT gained prominence in 2014, mobility became increasingly important this year. More companies than ever implemented bring-your-own-device policies, cloud computing and remote working options to encourage mobility among their employees, and all of those initiatives were made possible through the easy availability of sophisticated mobile devices.
According to information from Trend Micro, the number of global smartphone subscribers is expected to reach 3.5 billion within the next five years. Laptops, smartphones, tablets, e-readers and now wearables have all become mainstays in modern offices, and hackers know this. The use of mobile malware exploded in 2014, with cyber criminals leveraging the popularity of certain entertainment and banking applications to trick users into loading malicious software onto their devices.
The emergence of mobile malware specifically targeting financial information is especially worrying as new services like Apple Pay – where a user’s banking data is stored within their phone so they can pay for things without a credit card – become increasingly popular. As consumers rely more on their devices for a growing number of daily functions, the ability to protect phones and tablets will become more important than ever before.
A recent Trend Micro blog post pointed out that there are a few easy steps organizations can take to increase security when introducing mobile devices to their networks. Requiring that certain default settings remain unchanged (such as those enabling encryption capabilities), blocking the use of certain questionable app stores and banning the use of any jailbroken or rooted devices all dramatically reduce the cyber threats facing enterprise networks.
While it is beneficial for enterprises to implement these security measures, there is still the possibility that attacks will find their way through. The ever-present specter of cyber attacks is what will cause the next trend on the list to become more prevalent in 2015.
Increased cyber security spending/larger emphasis on encryption
Tech giants Apple and Google have already begun to lead the charge toward an enhanced focus on cyber security and encryption in particular. Improving security postures has been important to companies for a while now, but a greater level of attention has been paid to implementing data encryption in recent months as more attacks targeting specific pieces of information take place. In 2015, a growing number of businesses are likely to set aside funds for this specific purpose.
In an October blog post, Trend Micro researchers noted that businesses need to inventory the data they have in order to decide which pieces are the most valuable. Sifting through information stored in servers, endpoints, networks and cloud environments allows an organization to gain a comprehensive overview of its current threat landscape. Once core data has been identified, the bulk of an enterprise’s security efforts should go toward encrypting and protecting it. Utilizing central policy management ensures data is protected while being transferred from one location to another and can be used throughout all layers of security.