14 big security predictions for 2014

email article email article print article print article tip @techmeme

Online security

Towards the end of last year, my top five predicted security threats for 2013 were: social engineering, Advanced Persistent Threats (APTs), internal threats, BYOD, and cloud. All five predictions were realised; especially internal threats, with Edward Snowden’s NSA security breach being among the biggest data leaks ever by an insider.

Like most IT security professionals, I really want my predictions not to come true: I would prefer organisations didn’t get hacked, infected by malware, or suffer data breaches. But by predicting the next wave of threats, we hope to help organisations stay on top of the evolving tactics and exploits that criminals will use to target them. So here are my 14 predictions for 2014, covering 10 major security threats to businesses, followed by four ways in which defences will evolve.

1. Social engineering

This isn’t a new threat, but it’s showing no sign of getting old. Social engineering using targeted emails remains the primary method for launching malware and phishing attacks on businesses.

2. Internal threats

Again, not a new threat, but it’s still a huge risk–– as mentioned earlier in the case of the NSA breach by a trusted insider. Senior figures at the NSA have said only 20 of its staff should have had access to the classified data that was downloaded and released by Snowden. Trust is a precious commodity, and is all too easily exploited.

3. Targeted malware campaigns

We can expect more highly sophisticated malware campaigns in 2014, aimed at stealing either money or intellectual property. And if neither can be stolen, criminals will simply extort money by hijacking or destroying data.

4. Botnet bother

Bots will continue to be a core attack technique, simply because they’re effective. A recent analysis of the networks of nearly 900 companies worldwide, found 63% had bot infections. Seventy percent of these bots communicated with their command centres every two hours. Bots are here to stay.

5. BYOD = big bills

We may be a little bored of hearing about BYOD, but it’s still a big problem. A survey of 800 businesses globally conducted in 2013, found that 79% had a costly mobile security incident in the past 12 months.

6. Attacks on state interests and infrastructure

State-backed cybersnooping and attacks will continue on all sides of the geopolitical spectrum, targeting military, government and commercial interests.

7. Website wars

Financial institutions have been battling waves of distributed denial of service (DDoS) attacks over the past two years. This will spread to a wider range of public sites, aimed at causing downtime and disruption. We will also see more complex, multi-vector attacks on websites that combine DDoS with account tampering and fraud.

8. Customer data theft

Customer information is still a prize target, as the high-profile hacks which stole tens of millions of users’ credentials from Adobe, Evernote and LivingSocial shown this year. Any organisation which holds volumes of customer data is a target for hackers.

9. Anti-social media

Hijacking Twitter users’ accounts is commonplace: in April, a hacked Associated Press Twitter account issued a bogus report claiming that the White House had been bombed, causing the Dow Jones index to fall 150 points in minutes. Hijacking will start to spread to more business-oriented social media sites, with criminals starting to hijack LinkedIn accounts to help them profile or phish other users to mount attacks.

10. Smart home invasion

As the Internet of Things develops, and more IP-based household appliances are introduced (smart TVs, personal networks etc), criminals will look for weaknesses that can be exploited by hooking into these systems to gain personal information – such as your daily living patterns.

Although these 10 threat predictions seem bleak, security protections against threats continue to evolve, too.

Here are my four predictions of how defences will develop in 2014.

Unifying layers of security
Single-layer security architectures or multi-vendor point solutions no longer offer effective protection to organisations. We will see more and more vendors attempting to offer unified, single-source solutions through development, partnership and acquisition. This is already happening, and we will see increasing collaboration to fight threats.

Big data
Big data will give tremendous opportunities for threat analytics, enabling identification and analysis of patterns relating to past and emerging threats. Vendors will increasingly integrate these analytics capabilities into their solutions; and enterprises will also invest in their own analytics to help with decision-making through enhanced context and awareness of threats to their business.

Threat collaboration
Security vendors and customers realise that no single organisation can have a complete picture of the threat landscape. Collaborative sharing of threat intelligence is needed to maintain up-to-date protection. This will drive partnerships between security vendors and end-users to augment unified security solutions with the latest intelligence to coordinate the fight against threats.

Cloud consolidation
The cloud will be the platform that supports and enables big data analytics and collaborative sharing of threat intelligence, enabling vendors’ unified security solutions to deliver enhanced protection to organisations.

email article email article print article print article

  • Ulf Mattsson

    I agree that “We can expect more highly sophisticated malware campaigns in 2014, aimed at stealing either money or intellectual property.”

    ZDNet reported recently in “Sell my company’s data? Make me an offer” that many organizations are struggling to manage ‘who has access to what?’ across the enterprise. This in combination with “highly sophisticated malware” will make this situation significantly worse during next year.

    Modern malware is harder to detect and can even sniff out sensitive data from memory while applications are using the data.

    The good news is that this problem can be solved.

    I think that organizations are typically exposing large amounts of sensitive data to too many applications and users.

    I think that all sensitive data should be protected by using modern data security methods that can turn the data into “no value data” for the attacker. The protected data “tokens” will only have a value to other systems in the attacked enterprise and thereby minimizing the attack surface.

    A study from the Aberdeen Group that revealed that “Over the last 12 months, data tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure than tokenization non-users”. Aberdeen has also seen “a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data”. The name of the study is “Tokenization Gets Traction”.

    I think it is time to listen to the guidance from the Aberdeen Group when it comes to securing sensitive data.

    Ulf Mattsson, CTO Protegrity

  • John Walker

    As convenient and cool as smart homes sounds. I’ve seen to many networks get hacked. Also internal threats and targeted attacks will remain the most difficult to defend. Maybe employee education will be the next big seen but who knows

  • Pingback: European Offshore Outsourcing Journal 11/12 2013 | World's Latest News Links Hub

Related articles

Topics for this article

[ advertising enquiries ]

Share
  • BURN MEDIA TV

    WATCH THE LATEST EPISODE NOW
    Latest Episode
    Data woes? Here are 6 data saving tips for your smartphone

MORE HEADLINES

news

VIEW MORE

interviews

VIEW MORE

future trends

VIEW MORE

entrepreneurship

VIEW MORE

social media

VIEW MORE

facebook

VIEW MORE

twitter

VIEW MORE

google

VIEW MORE

advertising & marketing

VIEW MORE

online media

VIEW MORE

design

VIEW MORE

mobile

VIEW MORE

More in Future Trends

Disruption and the mobile mind shift: welcome to the age of the customer [#LeWeb]

Read More »