Friday, 22 November 2013

What the future holds – eight IT security predictions for next year


Hope for the best and prepare for the worst. It may sound like an old cliché, but being prepared is the foundation of great IT security. This year we’ve seen some high-profile data breaches, ransom-demandingmalware and prominent cybercriminal arrests. After an eventful 2013, we are curious about what 2014 brings, and so are cyber-security researchers from Websense Security Labs, who compiled a list of their predictions* for the New Year.

Lower levels of advanced malware

According to Websense ThreatSeeker Intelligence Cloud, the quantity of new malware is heading towards a decline. However, this is bad news for companies, because cybercriminals are likely to switch to lower volume, more targeted attacks to decrease the risk of detection. Long story short, there’ll be less attacks, but they’ll bear greater risk.

There’s a major data-destruction attack on the horizon

In the past, network breaches have mostly been about selling information for money. In 2014, enterprises should be concerned about hackers destroying data. Small and medium-sized companies should also stay alert, as ransomware attacks are expected to target them.

Cloud data over network

Loads of sensitive business data have been moved to the cloud in the last few years. Therefore, it seems logical and perhaps even convenient for hackers to adopt a new approach, and target clouds rather than on-premise servers.

Power struggle in the exploit kit market

Following the arrest of “Paunch”, the alleged creator of the Blackhole exploit kit, the market is likely to see a power struggle for the leading position. The Neutrino and Redkit exploit kits are expected to consolidate their positions in 2014.

Java will remain exploitable and therefore exploited

As most end point will continue running older versions of Java, they’ll be highly exploitable. Next year, cybercriminals will put great effort into developing new, multi-stage attacks, as well as making us of tried-and-true methods.

BreachedIn aka compromising organisations via social networks

Cybercriminals are expected to come up with more and more ways of luring executives and compromising networks, with the help of professional social media platforms, such as LinkedIn.

Only the strong ones will survive

This may sound a bit over the top, but similarly to a food chain, the weakest ones will be the primary targets. Obviously, they do not have to be afraid of being eaten, but if they’re the “weakest links”, they must watch their backs to avoid serious breaches.

“Offensive” security mistakes are likely to happen

Retaliatory actions against (alleged) attackers are the basis of “offensive” security. However, as in real warfare, tactical mistakes can happen, which might put innocent organisations in the crossfire.

*Original article written by Information Age editor, Ben Rossi. 

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.