Security threats to watch out for in 2015
Indian enterprises are getting more vigilant about implementing correct security measures in order to save their confidential and valuable data. The enterprises have understood the implications of ineffective info-security measures. As the awareness for cyber-security is on the rise, various organizations and even the consumers are identifying the need for the essential security measures to combat various threats. It has been observed that traditionally the companies used to spend a lot on the end-point management, but now the companies are spending a lot on addressing and detecting the threats. The size of the information security market in India in 2012 was Rs 1,200 crore and now it has grown to 18% to Rs 1,415 crore, this highlights the seriousness of the companies towards security. In order to protect the enterprises from various threats and cyber-crimes, many security companies have released the threats to look out for in the coming year.
Speaking about the emerging cyber-attacks, Costin Raiu, Director of GReAT at Kaspersky Lab, says, “If we can call 2014‘sophisticated’, then the word for 2015 will be ‘elusive’. We believe that APT groups will evolve to become stealthier and sneakier, in order to better avoid exposure. This year we’ve already discovered APT players using several zero-days, and we’ve observed new persistence and stealth techniques. We have used this to develop and deploy several new defense mechanisms for our users”.
The techniques of cybercriminals are also enhancing with each attack. Their attacks are becoming more sophisticated and they are focusing more on targeted attacks. Talking about the same, Dhanya Thakkar, Managing Director, India & SEA, Trend Micro, said, “What we are seeing today is not a huge surprise but rather the velocity and brutal measures cybercriminals are using to steal information. Following the success of targeted attacks from Chinese and Russian cybercriminals, many hackers from other countries will regard cyber-attacks as a more practical method to grab a foothold in an organization. Additionally, with the incessant barrage of data breaches emerging almost daily, it’s reasonable to presume that data breaches will be essentially regarded as a common offshoot of the present threat landscape.”
In order to help you to protect your enterprises and your valuable data we bring you the list of cyber threats that can emerge in 2015. The list will enable you to plan your security measures in a better way.
- Cyber warfare and espionage tactics on the rise
These types of attacks help the hackers to steal more and more information and disrupt the functioning of the organisation. These types of attacks are set to increase in the coming year as long-term players will become stealthier information gatherers. Along with this the nation-state actors will improve their ability to remain hidden on the systems and networks of the victim. They will also focus more on tracking the systems and gathering high-value intelligence on individuals, intellectual property, and operational intelligence. It has also been predicted that small nation states and terror groups will use cyber warfare as a way to attack.
- Internet of Things prone to greater attacks
IoT is gaining immense popularity and it is in the growing phase. The rush to deploy IoT devices at scale will outpace the priorities of security and privacy. This urgency and the growing value of data gathered, processed, and shared by these devices will draw the first notable IoT paradigm attacks in 2015. The IoT devices in the sectors like health care could provide malicious parties access to personal data even more valuable than credit card data. The cybercrime community currently values stolen health credentials at around $10 each, which is about 10 to 20 times the value of a stolen credit card number. So, it is advisable to take precautionary measures in this segment.
- The Data privacy
Data privacy is one segment where governments and businesses continue to struggle with what is fair and authorized access to inconsistently defined “personal information.” The various security labs predicts that in 2015 we will witness in-going discussion and lack of clarity around what constitutes “personal information” and to what extent that information may be accessed and shared by state or private actors. Along with this there will be evolution in scope and content of data privacy rules and regulations; we may even see laws begin to regulate the use of previously anonymous data sets. Many of the countries around the globe will pass stringent laws and regulations related to data privacy.
- Secure your cloud
In 2015, we expect to see more and more data hosted in the cloud but as this move occurs, businesses will need to take a closer look at data governance and ensuring their data is cleaned before it is hosted in the cloud. Legacy data left unmanaged will continue to accumulate and present a persistent challenge for businesses. Ransomeware will develop its ways of propagation, encryption, and the targets it seeks. More mobile devices are likely to suffer attacks. It will try to evade the security software and attempt to exploit the logged-on user’s stored credentials to also infect backed-up cloud storage data. So, it’s better if you take essential measures to keep your cloud safe and secure.
- Distributed denial-of-service (DDoS) to rise as a threat
Yet another trend seen in 2014 is the escalation in Unix servers being conceded and their high bandwidth being used in DDoS attacks. The inspiration of the attacker can vary widely, with hacktivism, profit, and disputes being the main motives. Bearing in mind the comfort of conducting large DDoS attacks, the security labs believes that the DDoS growth trend will continue in the future. The likelihood of being targeted by short but intensive DDoS attacks is rising. This will also drive a significant rise in non-Windows malware as attackers look to exploit the vulnerability.
- POS attacks to rise with increase in digital payments
POS the point of sale attacks is a profitable and a significant upturn in consumer adoption of digital payment systems on mobile devices. However, this medium is at high risk and is exploited the most by the hackers. The POS breaches in 2015 will be based completely on numbers of POS devices that will need to be upgraded. Moreover, NFC another digital payment mode will emerge as a new surface for attack for the hackers. Speaking about the same, JD Sherry, vice president of technology and solutions, Trend Micro, comments, “The payment ecosystem will continue to evolve. Massive transformation is upon us and we will continue to see threat actors trying to manipulate Near Field Communications (NFC) as certain platforms gain momentum due to their significant following and user’s penchant for adopting the latest and greatest technology.”
- Smart devices under the scanner
The security predictions for 2015 also indicate an increase in the exploitation of smart devices such as smart cameras, appliances and TV’s as cybercriminals become more belligerent at targeting these platforms as well as the organizations who manage the data. The market pressure push device manufacturers to introduce more and more smart devices without security in mind to meet the rising demand, so will attackers increasingly find vulnerabilities to exploit for their own gain. Talking about the smart devices trend, Sherry said, “Smart homes and home automation will continue to proliferate across the globe, further increasing all of our attack surfaces. As such, smart device manufactures must consider how to secure the data that resides in these devices not just the devices themselves.”
- Escaping the sandbox will become a significant IT security battlefield
Vulnerabilities have been identified in the sandboxing technologies implemented with critical and popular applications. The security labs intimate about the growth in the number of techniques to exploit those vulnerabilities and escape application sandboxes. Moreover, it will also bring malware which can exploit hypervisor vulnerabilities to break out of some security vendors’ standalone sandbox systems.
- Online banking and financial services
It has been seen that the trend of online banking is very much in vogue. It saves time and also frees one from standing in the long queues at the banks. However, this segment in also prone to the increase number of attacks in the coming year. The threats around banking will continue to become more severe as more unique cybercrime attacks against financial institutions also emerge and financial and banking intuitions must implement two-factor authentication for online services.
10. Take care of your mobile devices
Mobile devices will continue to become a target for cyber attackers especially when mobile devices store up a trove of personal and confidential information and are left switched on all the time, making them the perfect targets for attackers. Mobile devices will become even more valuable as mobile carriers and retail stores transition to mobile payments. The growing availability of malware-generation kits and malware source code for mobile devices will lower the barrier to entry for cybercriminals targeting these devices. Along with this, untrusted app stores will continue to be a major source of mobile malware. Traffic to these stores will be driven by “malvertising,” which has grown quickly on mobile platforms.
Conclusion
These are some of the serious threats which can harm the security of your organisation if it’s not safeguarded properly. Commenting on the security threats, Vincent Weafer, Senior Vice President, McAfee Labs, part of Intel Security, said “The year 2014 will be remembered as ‘the Year of Shaken Trust. This unprecedented series of events shook industry confidence in long-standing Internet trust models, consumer confidence in organizations’ abilities to protect their data, and organizations’ confidence in their ability to detect and deflect targeted attacks in a timely manner. Restoring trust in 2015 will require stronger industry collaboration, new standards for a new threat landscape, and new security postures that shrink time-to-detection through the superior use of threat data. Ultimately, we need to get to a security model that’s built-in by design, seamlessly integrated into every device at every layer of the compute stack.”
The labs also suggest that the fight against cybercrime cannot be won alone and the security industry together with telecommunication providers and governments from around the world should join forces to beat the war on cybercrime. The security industry is one of few in the world that has a ‘nemesis industry’ constantly working against it to bring it down. That’s why beating the war on cybercrime requires a different approach.