10 things to watch out for in cyber security
Cyber security features in the mainstream media more than ever before. In 2015, significant breaches affecting global organisations were reported on a weekly and sometimes daily basis. Nation state hacking activity continued, vulnerabilities and malware continued to rise and phishing attacks grew in complexity as cybercriminals looked for innovative ways to monetise their efforts.
So, with cyber security back at the top of the agenda, what trends need to be on your radar? Armed with data, we think cybercriminals will serve up highly targeted attacks and look to hold companies to ransom with the threat of a cyber-attack.
Here are ten things we think you need to look out for:
- As the internet of things grows, so will distributed denial of service (DDoS) attacks
Criminals will use Internet of Things (IoT) connected devices to build botnets, creating a launchpad for damaging distributed denial of service (DDoS) attacks. It’s easy (and cheap) to rent DDoS-as-a-service, and these attacks will continue to evolve.
- Data will remain king
Attackers’ hunger for data will grow. Cybercriminals can misuse data in multiple ways as they seek to monetise their efforts through extortion, identity theft or gaining access to networks using social engineering tactics. Sectors with large amounts of personal data such as legal, education and telecommunication will be a target and will need to take action.
- Web apps will be under attack
Due to online gaming and TV programmes, the concept of hacking is more mainstream than it’s ever been. Hacking doesn’t always require a lot of skill. Low-level hackers will continue to use tried and tested attacks such as SQL injection, still the number one OWASP threat, to target ‘low hanging fruit’, resulting in more threats than ever before.
- Things are going to get personal
Ransomware has steadily been on the rise over the last couple of years, with malware authors creating increasingly complex variants, including many that use end-to-end encryption. We expect cybercriminals to make threats more personal, with doxing for ransom a Fujitsu 2016 prediction.
- Biometrics is on the rise
Passwords are easy to lose, hack or share. However, companies are turning to biometric solutions as an additional layer of authentication to protect their data and their employees. Users no longer see this additional layer of security as onerous, largely down to iPhones.
- Flash in the spotlight
Hackers continue to use Adobe Flash as an attack vector to install malware. This will be the year when organisations consider whether it is worth the risk and whether it is still needed in an enterprise environment.
- The insider threat will grow
It might be malicious, it might be accidental, or it might be due to a tech-savvy employee circumventing controls. But with the increase in breaches, organisations will look to tighten and lock down their security controls, and there could be a situation where employees attempt to go around those measures.
- Checking the mail properly will be vital
Phishing is getting harder to spot and we think criminals will continue to imitate legitimate organisations. One example of this is hackers mimicking banks by sending official-looking letters to companies and individuals for offers such as loans. The letter will in fact direct victims to a URL that contains malware. Are you on the lookout for things you didn’t ask for?
- Companies will need expert help
Fewer companies will have the resources to keep on top of threats. We predict intelligence-led SOCs (iSOCs) and virtual SOCs (vSOCs) will grow as a result, as organisations increasingly send their logs to an expert SOC-managed security services provider.
- Encryption woes
As adoption of the SSL/TLS protocols increases to serve web content more securely, this will need to go hand-in-hand with interception technology to inspect content, or companies will have a huge blind spot. The deprecation of SHA-1 may also leave many users unable to surf parts of the web, particularly those with older devices.
Many of the breaches detailed in 2015 have been at US-based companies. However, with changes in legislation looming, many EU organisations will have to report breaches in the near future. There will need to be a significant change in attitude towards the threat European businesses also face. Security must be a top priority for every business. Threats and attack vectors are not geo-specific; the attacks facing US organisations will be the same threats their European counterparts face.
Get the full picture by downloading Fujitsu’s Annual Security Report.