Jenrick IT are specialists at providing cyber security professionals for organisations throughout the UK. As a result, we are constantly aware of the changes within this sector and recently found the following article from Forbes.com, that highlights what are believed to be the biggest concerns on the future of information and network security in 2015.
CYBER SECURITY PROFESSIONALS PREDICT THEIR BIGGEST CONCERNS FOR 2015
With 2014 in the rear view mirror, it is fun to look forward to the year ahead and see if we can predict what may happen over the next twelve months. At the same time, predictions can prove to be very useful for businesses that are planning budgets and spending. So every December, cyber security experts begin to make their predictions on the future of information and network security.
“While no one can totally reliably predict the future, there are often good indications in what we see that provide likely directions for the coming year,” said Geoff Webb, senior director, security strategy with NetIQ. “For example, it was pretty clear at the end of last year, after the details of the Target TGT -0.05% breach became public, that it wasn’t going to be a one-off incident. Rather, it was the opening salvo in what has proven to be a year-long attack on the retail industry.”
Webb added that by being able to look across multiple sources of information, evaluating the patterns of attack and defense, and providing commentary to a broader market can help set the security conversation for the coming year.
“After all, the more we can share information, the better we all are at responding quickly and preventing successful attacks. And that has huge value for everyone.”
With that in mind, here are five things that security professionals believe we need to think about in 2015.
Attacks against virtual payment systems
In light of the recent retail breaches involving credit and debit cards, there are many who think that the move to mobile payment solutions will help solve the security problem. Patrick Nielsen, Senior Security Research, with Kaspersky Lab, however, believes that it won’t take long for cybercriminals to take advantage of a potential vulnerability in the system.
“We expect to see cybercriminals focus more on new payment systems as they are adopted and the potential for criminal financial gain thus increases. This will be in the shape of attacks against banks/virtual currency operators, the end users and their devices, and everything in-between. In fact, we already have some examples of malware stealing virtual wallets from users’ devices, and very high-profile incidents of banks themselves being infiltrated,” he said.
Cyber security professionals have enormous concerns for 2015 including Data Loss Prevention (DLP) and an increase in “raw” security incidents.
More old security holes surface in open source software
One of the most talked about security problems of 2014 was the Heartbleed bug. However, Heartbleed and other vulnerabilities found in open source code have been lurking there for years before they were discovered. Nielsen said we should expect to see more of these old security holes causing problems in 2015. The reason why these old vulnerabilities are just now coming to light is because, for the first time, people are taking more time to look at the potential security problems. But just as this is good for those who want to make the Internet safer, it is also an opportunity for bad guys.
“As serious holes are found in critical pieces of software that we’ve assumed to be secure for years, other curious people are likely to try to find their own holes, for good and (unfortunately often) nefarious purposes,” Nielsen said. “There’s a shift happening in how quickly we assume something to be secure, and we will continue to see the effects of this: more holes in critical software we assumed to be secure, and more efforts taken by companies and organizations to make sure that their products have been properly audited and scrutinized.”
Big Data Loss Prevention (DLP) will become a hot issue for business leaders
Businesses need to know where their business critical information is at all times. Flagging content and communication before it leaves the office is a good start but it is not enough.
“Machine learning, pattern recognition and ‘post-send’ message controls are the next wave of DLP functionality that will protect employees, clients and increasingly the brand,” said Cameron Burke, SVP of Business Development for Cirius.
Malware will be harder to detect and shutdown
It’s time we stopped thinking about malware as a nuisance that has to be kept off computers and start recognizing what it actually is – big business. And just like any business wants to grow stronger and increase its earnings in the coming year, malware developers will continue to put out products that will be sneakier and harder to detect, all in the name of higher financial gains.
“In 2014 we saw a number of significant wins against malware with the dismantling of several major botnets. This type of takedown will be much harder in 2015 with malware becoming stealthier,” said Andy Avanessian, VP of Professional Services at Avecto. “In the coming months, we will see increased use of p2p, darknet and tor communications, forums selling malware and stolen data will also retreat further into hidden corners of the internet in an attempt to avoid infiltration.”
Raw security incidents will continue to rise
The recent Sony attack is a warning of just how devastating a cybersecurity incident can be, and that we need to be prepared for just about anything. As Sungard Availability Services’ (AS) Matthew Goche stated,
“There are more bad actors who are more organized with better tools and have more upside than ever before. This trend does not show signs of subsiding. Our internal data gathering shows a significant increase in cyber events.”
Thinking beyond individual threats
Organizations today face unprecedented security challenges, Stephen Pao, GM Security at Barracuda, pointed out. Attacks often are targeted and increasingly sophisticated, and security professionals are being asked to address these risks across an ever more complicated environment.
“Focusing on the individual threat is a common approach to IT security; however, this doesn’t work in today’s threat environment,” he added. “With the move to virtualization, the cloud and the mobile internet, the attack surface is expanding. Organizations must make that shift as well to cover all areas of exposure – email, web applications, remote access, web browsing, mobile Internet, and network perimeters.”
The chances that all of these security predictions come true, at least in part, are pretty good. The question is whether or not businesses will be up to the challenge of tackling these security issues before they cause damage. And that, only time will tell. ARTICLE SOURCE: Forbes.com FURTHER INFORMATION: Jenrick IT are specialists at providing cyber security professionals for organisations throughout the UK. If you would like to gain a more detailed undertstanding of the cyber security services Jenrick can provide your organisation, please contact Miriam Lee (Head of cyber, security and defence consultancy services) on +44 (0) 1932 245 500.