Unless you're planning a return to typewriters to avoid electronic data leaks as the Kremlin has reportedly done this year, you'll need to be aware of the ever-changing information security landscape. There are possibly too many threats and mitigating strategies to cover – expect much more security awareness overall – but here's a taste of what's to come from the desks of those who see threats and their effects daily.
Security v privacy
The debate around security and privacy, and which is more important, will be a huge issue next year, says Michael Sentonas, global chief technology officer at McAfee.
Under adjusted privacy legislation to come into effect in Australia in March, companies will be liable for fines of up to $1.1 million for privacy breaches. For example, "if you lose customer names, that's not so bad, but together with emails, it's a privacy issue," says Sean Kopelke, Symantec's director of technology, Asia Pacific.
All that points to a surge in privacy-preserving apps that encrypt and transfer files securely, says NICTA's professor Aruna Seneviratne.
"We will be prepared to pay more for apps that provide a service without revealing information about ourselves."
There will also be a rise in users adopting aliases and fake names on social networking sites to protect their privacy, according to Symantec.
Elsewhere, the security sector should be kept busy with all manner of threats to almost every facet of technology:
– The internet of things – when everything is connected to everything else via the internet – will become the internet of vulnerabilities, says Brenton Smith, vice president and managing director, Symantec, Asia Pacific. "Increasing numbers of connected devices mean increasing levels of intrusion points."
– While much work is due to be done on securing devices no one thought vulnerable before – household appliances for example – much effort will still be required to secure data and networks from social engineering. Sophos predicts greater focus from cybercriminals on high quality and convincing phishing and social engineering methods to compensate for harder-to-exploit operating systems such as Windows 8.1.
– Click-jacking and watering hole attacks will become more common. Targets will be lured to popular sites (watering holes) using a clever social engineering ruse or click-jacking, in order to compromise computers with exploits, says Mehta. "With fewer operating system vulnerabilities found, threat actors will instead focus on bugs in certain software suites."
– Organisation apps help organise other people too. Beware of giving hackers access to internal systems when you offer apps to customers, says senior Forrester analyst Tim Sheedy.
– Data encryption: Organisations will encrypt data as it is captured, rather than as it stays on or leaves its systems, says Sheedy.
– Mobile devices are likely to be the platform for many more attacks in 2014. Expect exploitation of mobile transaction authentication numbers from incoming text messages as well as more examples of banking information being captured at time of transaction, says Sentonas.
– Attacks leveraging vulnerabilities in widely used but no longer supported software such as Java 6 and Windows XP will intensify, says Sanjay Mehta, managing director Trend Micro, Australia and New Zealand. "Embedded systems, including point-of-sale terminals, healthcare devices and critical infrastructure, may also pose network threats, as they often run older and unsupported Windows versions."
– With more companies adopting bring-your-own-device policies, security measures will be implemented directly onto people's choice of hardware, says Ian Teague, Akamai Technologies' senior manager for Australasia. Brace for an increase in apps and solutions to secure smartphones and tablets.
– As more critical business data is moved to the cloud, cybercriminals will look to focus their attacks on data stored in the cloud rather than data stored onsite, says Gerry Tucker, country manager, Australia and New Zealand for security software company Websense. However, Symantec's Kopelke says cloud-based services can offer increased security because many organisations struggle with security expertise in their own ranks.
– Executives beware of LinkedIn and other social media. Attackers will increasingly research and lure executives and compromise organisations via professional social networks such as LinkedIn to gather intelligence and compromise networks, says Tucker.
– Good and bad news: FireEye's Yichong Lin says we can expect fewer Java zero-day exploits that take advantage of a security vulnerability on the same day it becomes known. Unfortunately, this will be replaced by more browser-based attacks.
– Planting malware will continue to harvest data for criminals. FireEye's Amanda Stewart says more attacks will use stolen or valid code signatures to infiltrate systems. "These signatures allow malware to spoof as legitimate executables and bypass traditional anti-virus looking for those characteristics." The firm also predicts more malware will infiltrate supply chains. "Expect more malicious code in BIOS and firmware updates," says FireEye's Bryce Boland.