Every year brings a fresh round of cyber security challenges. This year, surveillance revelations, an ever increasing number of points of vulnerability and the co-ordinated efforts of professional cybercriminals have been driving new safeguards and strategies for protecting the corporate network and data. As the sophistication of cyber crime reaches new levels, and new attack vectors multiply , here we examine the key areas that demand our attention in the year ahead.
Social Media
As social media sites continue to attract vast swathes of new users, they’ll create brand new avenues for cyber criminals to deliver malicious code. This stands to reason; by its very nature social media allows for easy connection, users are voluntarily disclosing personal information and malware can be spread rapidly. If you have 300 friends on Facebook, only one has to be compromised to compromise your entire circle. There’ll be an estimated 3.7 billion user accounts in 2014 – making them a prime target for malicious activity.
Points of vulnerability are shifting sands
The security perimeter is a more penetrable boundary and cyber criminals can take advantage of multiple attack vectors to gain access to a company’s network. These points of vulnerability – mobile devices, USB drives and Blue Tooth speakers – will multiply through next year, making it difficult for organisations to keep track of all the different entry points.
Just as cybercriminals will exploit the increasing consumerisation of IT, as part of the fight back we’re likely to see organisations focussed on the extension of security protection to non-corporate owned devices to shore up their defences.
Hardware will be the next big target
We will see an increased volume of malware targeting hardware with cybercriminals attacking beneath the operating system. The entry route to infect the network could be mobile devices as cybercriminals use smart phones or USB devices to gain access to PCs via Wifi.
Surveillance Revelations – Encryption will be key
The heightened awareness of, and revelations on surveillance will be a driver for companies to tighten up security and develop ways to protect their data from decryption. Next year could see more changes in the way that new encryption technologies are deployed; Yahoo recently announced that it is to encrypt users’ data and most recently tech giants including Yahoo, Google, Apple and Facebook have joined forces to call for reforms that would allow them to resist unreasonable demands for customer data.
Lack of collaboration will work against us
Criminal communities exploit the advantage of strength in numbers by sharing strategies and tools. If we, in the industry, don’t work together and join forces, then innovations in security protection and detection will suffer a massive setback.
Now, more than ever, we need a collective approach to tackling security to make headway in the cyber security arms race. Innovations such as the rollout of the National Cyber Security Programme are a positive move; we need more investment and more shared resources to fuel advancements in this sector.
Look out for the anomalies
Rather than waiting for the ‘hit’ we have to go on the offensive and take a proactive stance to safeguard the network. Enterprises need to focus on tracking down the anomalies on their networks and the alerts for suspicious behaviour that an attack leaves behind as it moves through the system.
In future, we need to operate at a constant level of alertness and have tools that are actively looking for things that are strange. Next year, we need to see more proactive activity, because the reality is, if you are a medium or large size enterprise and you think you haven’t been breached yet, you’re probably wrong. You just haven’t found it yet.
Sam Maccherola VP Sales, General Manager EMEA & APAC , Guidance Software
Area of Expertise: Cyber Security, Digital Forensics, E-Discovery.
Professional Biography: Based in London, Sam Maccherola as Vice President of Sales for the Europe, Middle East, Africa, and Asia Pacific regions. He is responsible for managing the strategic direction of the organisation, as well as all operations, sales, and business development across these regions. Mr. Maccherola has more than 20 years of experience in managing and directing global business operations within the software industry. Before joining Guidance Software, he was the Vice President of Sales for IT security company HBGary, and prior to that, he was the President of Tenix America. Mr. Maccherola also held senior positions with Tumbleweed, Entrust Technologies, Platinum Technologies, and Legent Corporation.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.