Cyber security is now a public issue and sadly, 2015 will be the year we expect to see it hit hard. Here, we break out several trends we anticipate as we prepare to ring in the New Year.
Security concerns hit mobile apps
From the contacts on your phone to the contents on your PC, attackers will be targeting the general public in a way we haven’t seen before. In the past year, we saw headline after headline announcing the devastating consequences of the Heartbleed and Shellshock bugs. That’s not likely to change. In fact, we expect to see even more large technology breaches similar to Heartbleed and Shellshock that can potentially cause devastating consequences. We believe 2015 will bring more attacks that are tough to patch, cause widespread damage and are incredibly expensive to mitigate.
PoS devices under increasing attack
As retailers respond and strengthen their security perimeter, and as more threat actors jump on the POS bandwagon, expect to see more middle-layer attacks that target payment processors and companies that manage and maintain POS devices. One intrusion could hand credit card information worth millions to a hungry hacker so we believe this avenue will continue to be hard hit. Even worse, small- to mid-sized retailers are likelier targets, since they have neither the resources nor the knowledge to defend against this evolving threat.
Beware of ransomware
Ransomware is likely to become a more popular strategy this year. The Cryptolocker malware proved highly effective for cybercrooks, who charged victims of stolen data a ransom to get access to their own files or face losing them for good. Given the success of that approach, we fully expect to see this strategy used more in 2015, particularly in the less-secure mobile arena and in cloud-based segments.
Speaking of the cloud, as it becomes more prevalent in day-to-day business dealings, it becomes a more attractive target for thieves. Because third-parties manage the data stored in the cloud, they provide another ‘in’ for hackers looking to steal information. Look for this area to see an increase in cyber attacks and attention.
Look who’s calling
Smart phones that hold data that are of enormous interest to hackers. And in hackers’ eyes, they’ve become a prime target because security is sorely lacking on most of them.As more and more companies engage in BYOD, they’re opening themselves up to increasing risks that hackers will find their way onto an organization’s network. And the threats are as close as the ‘send’ button on a mobile phone. As Apple Pay ramps up its position in the mobile payment space, we fully anticipate that hackers will find Near Field Communications (NFC) an attractive option.
Defensive measures
Not all of the trends we see involve intrusion – we do expect to see companies increase their focus on detection and response. As a result, we’ll see businesses managing their security differently than they have in the past. Cyber insurance is likely to become a key part of cyber strategies, with businesses seeking to marginalize the costs of a breach. It’s also likely that fewer organizations will choose to run their own Security Operations Centers (SOCs) as the number of threats continues to increase and the cost to detect and contain them keeps pace. We fully expect that a growing number of companies will turn to managed defense services for a security partnership that is better positioned to handle the increased activity.
The Bottomline
The threat landscape has been evolving since the beginning and it will continue to do so in the coming year. Threat actors will keep pace, finding new and ingenious ways to thwart even the best defenses. Breaches will continue to happen. What we hope will change is this: that companies will find smarter, more effective methods to detect, prevent and contain the risks to keep their networks, their data and their customers protected.