To put it mildly, 2014 was a bad year for many IT security professionals. The number of threats to network security increased significantly, more computer systems were breached than in previous years, and more confidential records were exposed than in the previous 12 months.
The threat landscape is constantly changing, but 2014 saw incredible volumes of new malware released and a considerable number of zero-day exploits succeed. Many IT security professionals will be glad to see the back of 2014. Unfortunately, 2015 doesn’t look like it will be any better. Many predict it will be even worse.
2014 started badly with the discovery of a number of cyberattacks. Hackers had gained access to computer systems in 2013, or even earlier in many cases, but 2014 was when the attacks were discovered and a large volume of brown substance hit the fan.
The discoveries were shocking. Incomprehensible amounts of data had been compromised and listed for sale. The country was still reeling from the cyberattack on Target, and then came the announcement of mega data breaches at Neiman Marcus and Home Depot. P.F. Chang’s had customer credit card details exposed from 33 of its restaurants, and JP Morgan was affected by a major data breach, as was Michaels. The healthcare industry was also badly hit. Community Health Systems suffered a major data breach exposing 4.5 million records, and even the U.S. Postal Service was targeted. 800,000 employee records were exposed in that attack.
Then there was the attack on Sony. That data breach caused an incredible amount of damage, with the hacking group responsible apparently not looking for money. The attack was carried out by a group called “Guardians of the Peace,” supposedly located in North Korea and backed by Kim Jong-Un. As a result of the breach, Sony Pictures even stopped the Christmas release of the movie “The Interview.” The film parodied the North Korean leader and even depicted his death. The leader of the Democratic People’s Republic of Korea was reportedly none too happy about the film, and the content of the movie was allegedly a motive behind the attack.
Now that “The Year of the Data Breach” (as it has been dubbed) has finally come to an end, it is time to look forward to the New Year. Unfortunately, many industry experts have predicted an increase in the number of hacking incidents over the coming 12 months. 2015 is unlikely to be any better for IT security professionals.
The reason? Despite efforts being made by many organizations to address security vulnerabilities, many still exist. We are also no longer dealing with individual hackers operating out of bedrooms in their parents’ houses. International groups of hackers are targeting organizations in the United States and are receiving funding from foreign governments. Some of the world’s most talented hackers are being funded to attack the United States, the U.K., and just about every other country in the Western world.
So with the increasing threat, how is it possible to defend against cyberattacks, block malware, and beat malicious insiders? Fortunately, there have been a number of lessons learned from the data breaches suffered in 2014. Security trends have been identified and it is possible to implement a range of security solutions to protect corporate networks from attack. Being forewarned is being forearmed! Here are SpamTitan’s cybersecurity predictions for 2015.
Cybersecurity Predictions for 2015
Expect more mega data breaches
The more data an organization holds, the bigger a target it becomes. The aim of many hacking groups is not to obtain money, but to use cyberattacks to cause financial havoc. Successful cyberattacks cause companies to incur incredible losses and can affect the financial markets. The data breaches have a huge effect on the economy, which is one of the aims of foreign-government-backed hacking groups. These attacks will not only continue; they are likely to get a lot worse.
Healthcare and education sectors will be major targets
Expect to see data breaches the like of which have never been seen before. The financial and retail sectors will continue to be targeted, but 2015 is likely to see healthcare and education hit particularly hard. Student and medical records are particularly valuable to cybercriminals. The data contained in medical and student records can be used to commit many types of fraud: medical fraud, insurance fraud, and tax fraud, for example. Identities can be stolen, allowing credit to be obtained in the victims’ names. Universities were targeted in 2014, as were healthcare institutions. Expect more of the same in 2015.
Email will continue to be used as an attack vector
Virtually everyone now has an email account. Many have a separate email address for work and for personal use. Email is one of the easiest ways of getting in contact with people, and spammers are well aware how easy it is to get an account holder to click on a link to a malicious website, or to open an email attachment that has been infected with malware.
Email is used to “phish” for sensitive information that allows criminals to gain access to credit card numbers and bank accounts. Computers and mobile phones can all too easily be compromised, and the potential rewards for criminals are high. Phishing emails and other spam and scam emails are expected to increase during 2015.
Vulnerabilities in web applications will be targeted
2014 saw a number of zero-day vulnerabilities discovered in popular software applications and we can expect more of the same in 2015. There was Heartbleed, which was a potentially catastrophic vulnerability. Shellshock was also particularly worrisome. It is likely that these are just the tip of a very large iceberg.
At first it was thought that these security vulnerabilities had not been found and exploited by hackers. Unfortunately, this would appear not to be the case. The hack of healthcare provider Community Health Systems exposed 4.5 million patient records. It is believed that the cyberattack was made possible because of Heartbleed.
Attacks on mobile devices are likely to increase
Ownership of smartphones and tablets has increased considerably and so has the volume of personal data stored on those devices. Smartphones permit the user to access email accounts, bank accounts and social media networks. Many people track their movements using the devices and record exercise data. If a device can be accessed, a considerable amount of personal data can be obtained.
Unfortunately, many of the applications downloaded to the devices contain numerous security vulnerabilities. Even the platforms themselves (Android and iOS) contain many security holes. Hackers and cybercriminals are well aware that mobile devices can contain a goldmine of data and, with the increasing popularity of Bring Your Own Device (BYOD) schemes, mobiles can even be used to launch attacks on corporate networks. Expect mobile devices to be implicated in more corporate security breaches and millions of users’ data to be plundered in 2015.
The threat landscape is constantly changing and there are more malicious attacks being reported than ever before. The seriousness of those attacks has also increased. Consequently, organizations must invest more heavily in network and cybersecurity defenses. The companies that fail to increase cybersecurity spending are likely to become the next targets.