Last year was a banner one for breaches, cyber attacks and advanced malware. In addition to the high-profile incidents at Sony Pictures after Thanksgiving and Home Depot before that, enterprise CIOs and their cyber security teams also had to deal with the spread of intense distributed denial-of-service attacks and destructive threats such as CryptoLocker.
Malware in 2015: Easy to create, but dangerous enough to require attention
As February 2015 arrives, there are still many emerging challenges in keeping corporate networks secure. Malware is not only increasingly diversified and capable, but also easier to create. An effective cyber criminal effort could just as well be predicated on an overwhelming number of simple pieces of malware as on a single monolithic, state-level attack.
Paul Christman, vice president of Dell’s Public Sector Software division, noted as much in highlighting the trend toward the creation of “recyclable” malware in particular countries. This trend matches up well with, for instance, the progressively lower skill and resources needed to execute DDoS attacks in recent times, with many ready-made Web tools available to help would-be cyber criminals.
In this context of malware and disruption on demand, cyber security practices must evolve. Rather than reacting to threats and relying on aging solutions such as blacklist-based antivirus, an effective security architecture should incorporate practices such as proactive network monitoring with deep discovery, as well as tools that protect endpoints and cloud assets.
We’ll look here at a few malware-related challenges to keep in mind in 2015. Also, we’ll talk about what mitigation strategies can help enterprises ensure data protection in this threat environment.
Bring your own device and mobile malware: Could BYOD come to an end?
Ever since the first iPhone hit the market in 2007, bring your own device has picked up steam at a rapid pace. On the surface at least, it seems like a win-win for organizations and employees.
More specifically, the company saves by not having to procure its own hardware, instead diverting those expenditures to less expensive device management software. Meanwhile, workers get to use their preferred personal phones, tablets and laptops rather than IT-issued ones that can be creaky by comparison and years behind the cutting edge.
A 2014 report by Egnyte found that 60 percent of organizations permit access to corporate data from personal devices. Among employees, 90 percent cited their smartphones as their most important devices. BYOD clearly has some traction, but there is the overarching issue of containing mobile malware on, and preventing unauthorized access by, non-company devices.
Research firm Gartner predicted last year that one-fifth of BYOD initiatives would fail because of overly restrictive policies meant to clamp down on new types of hardware. But would such failure necessarily be a bad thing?
Mobile operating systems used to be novel and unusual. Most office work was still done on PCs, which had received decades of cyber criminal attention and were more easily exploited. With mobile becoming the primary mode of computing for a growing number of people, and with device shipments through the roof (around 1 billion Android devices were shipped in 2014, and Apple shipped more than 74 million iPhones in just the previous quarter), mobile is becoming a bigger, more familiar target. A Trend Micro report on BYOD from 2012 rightly asked BYOD companies, “Are You Exposing Critical Data?”
Instead of wrangling with tons of different devices and testing each one, it’s possible that BYOD could be superseded by choose your own device, in which an organization provides options for a few pre-approved phones and tablets. There’s also the prospect of further limiting what types of data could be accessed from mobile hardware.
New approaches to virus protection software and malware detection: What role will human operators play?
As Trend Micro’s Raimund Genes predicted more than six years ago in ZDNet, blacklist-based antivirus is fading, for several reasons. For starters, the size of blacklist files has ballooned in tandem with the number of threats, making it impractical to store them on machines with limited memory.
But even with the advent of cheap storage options like cloud computing servers, traditional antivirus can’t keep up with zero-day attacks that by definition don’t have a corresponding blacklist entry. So what’s the alternative?
Whitelists, which limit access strictly to a list of preapproved applications, are a possibility. There’s also the prospect of replacing blacklists with algorithms that are adept at detecting anomalies in the network and, if necessary, immediately quarantining a potential threat without compromising network operations.
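The three approaches just described (blacklist, whitelist, anomaly detection) behave very differently on a sample nobody has seen before. The script below is an added example written for this article, not code from the page or from any vendor it mentions; every hash, host name, address and log line in it is constructed for illustration, and the z-score threshold and the shape of the log lines are assumptions. It shows a hash blocklist letting an unknown binary through, an allowlist denying the same binary because it was never approved, and a per-host connection-count baseline flagging a workstation whose outbound traffic spikes, which is the point at which a quarantine decision could be automated.

```python
"""Added example: blocklist vs. allowlist vs. baseline anomaly check.
Every hash, host, address and log line here is constructed for illustration."""
import hashlib
import statistics
from collections import Counter

# Constructed blocklist: SHA-256 of two fake "known bad" sample bodies.
KNOWN_BAD = {
    hashlib.sha256(b"constructed-sample-A").hexdigest(),
    hashlib.sha256(b"constructed-sample-B").hexdigest(),
}

# Constructed allowlist: hashes of the only binaries this host may execute.
APPROVED = {
    hashlib.sha256(b"corp-mail-client-1.4").hexdigest(),
    hashlib.sha256(b"corp-vpn-agent-2.0").hexdigest(),
}


def blocklist_verdict(binary: bytes) -> str:
    """Blocklist logic: deny only what has been seen before; anything unknown is allowed.
    A zero-day sample therefore passes, because no signature exists for it yet."""
    return "deny" if hashlib.sha256(binary).hexdigest() in KNOWN_BAD else "allow"


def allowlist_verdict(binary: bytes) -> str:
    """Allowlist logic: allow only pre-approved code; anything unknown is denied.
    The same zero-day sample is blocked without any prior knowledge of it."""
    return "allow" if hashlib.sha256(binary).hexdigest() in APPROVED else "deny"


# Constructed baseline: outbound connections per minute for a typical workstation,
# as an anomaly detector might learn them from a quiet period.
BASELINE = [12, 9, 14, 11, 10, 13, 12, 8, 11, 10]


def is_anomalous(count: int, baseline, threshold: float = 3.0) -> bool:
    """Flag a count that sits more than `threshold` population standard deviations
    above the baseline mean (a simple z-score test; the threshold is an assumption)."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # avoid division by zero on a flat baseline
    return (count - mean) / stdev > threshold


# Constructed observation window in an assumed "TIMESTAMP HOST -> DST" format:
# ws-03 behaves normally, ws-17 suddenly opens 40 connections to one range.
WINDOW_LOG = (
    [f"2015-02-03T10:0{i % 10} ws-03 -> 203.0.113.{i}:443" for i in range(10)]
    + [f"2015-02-03T10:0{i % 10} ws-17 -> 198.51.100.{i}:6667" for i in range(40)]
)


def parse_log(lines):
    """Parse the constructed log format into (host, destination) pairs."""
    pairs = []
    for line in lines:
        _ts, host, _arrow, dst = line.split()
        pairs.append((host, dst))
    return pairs


def quarantine_decisions(lines, baseline):
    """Count outbound connections per host in the window and mark z-score outliers
    for quarantine; every other host is left operating normally."""
    counts = Counter(host for host, _ in parse_log(lines))
    return {
        host: ("quarantine" if is_anomalous(n, baseline) else "ok")
        for host, n in counts.items()
    }


if __name__ == "__main__":
    zero_day = b"constructed-sample-C-never-seen-before"  # no signature exists for this
    print("blocklist:", blocklist_verdict(zero_day))   # allow  (the miss the text describes)
    print("allowlist:", allowlist_verdict(zero_day))   # deny   (unknown is not approved)
    print("network  :", quarantine_decisions(WINDOW_LOG, BASELINE))
```

Run as-is, the blocklist returns "allow" for the never-seen sample while the allowlist returns "deny", and only ws-17 is marked for quarantine. Real deployments replace the in-memory sets with signed manifests or a reputation service and learn the baseline per host and per time of day; the decision structure stays the same.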
In the past, antivirus software was sometimes something that could be installed and forgotten, apart from the occasional notification about a scan. This design has naturally evolved into automated programs that look for threats without the need for human oversight, which seems reasonable given the scale of the current threat environment.
It’s possible, though, that such automation could still miss a vulnerability or two. At least one cyber security expert has argued that in 2015, human expertise will become increasingly important for understanding sophisticated malware that may skirt what algorithms and machines typically search for.
The Internet of Things and social media: Could these two become one giant attack surface?
Talking about the security vulnerabilities in the Internet of Things was a favorite topic for cyber security firms in 2014, and the attention to IoT issues appears set to only increase from here as more vendors and consumers explore IP-connected appliances. One trend to keep an eye on may be the intersection of the IoT with social media.
Facebook recently announced that it would be testing Bluetooth beacons in New York City to supply local content to its mobile app users. Beacons have so far been used mostly in retail to send contextual promotions to in-store users, but they could reach a new level of popularity given the size of Facebook’s user base (more than 1.3 billion).
Adding a social layer on top of the IoT may necessitate more cyber security attention. Social networks like Facebook and Twitter are often used for spear-phishing (as preludes to advanced persistent threats), so it will be worth the time of security teams to ensure that whatever IoT infrastructure they’re testing is hardened and governed by easily understood usage practices.