10 Cyber Security Predictions for 2015

Uploaded on 2014-07-22 in NEWS-Cybersecurity News, FREE TO VIEW

1. Active defensive and offensive security continues to rise

The previously predicted cycles of offensive security will continue to unfold. Huge investments by large customers will fuel the market, driving commercial security and defense organizations to develop and offer new product and services. The talent pool is absorbed, which will both leave a void education institutions will race to fill, driving salaries upward. Support functions such as forensics, investigations, and detection/response capabilities are going to be the first to mature.

2. Expansion of financial targets, with attacks going deeper, faster, and with more complexity

Financial targets will expand well beyond banks and reach more deeply into ecommerce, crypto currencies, credit institutions, and end-user financial blackmail. Banks will continue to be under tremendous pressure from attackers seeking a big score. However, other supporting financial targets will also come under attack, such as retail point-of-sale (POS), large Internet ecommerce systems, and credit institution infrastructures.

One of the most interesting trends we will witness will be the exploitation, theft, and misuse of crypto-currencies like Bitcoin and its competitors. These technology-based fiat currencies are relatively new to exist and very unstable. Dozens exist - Bitcoin is the most recognizable example - and more are sure to be created. They are not backed by any central organization or commodity and can simply be created through software and willing users. Such crypto-currencies are very volatile and many have imploded with no residual value for their owners. For the few which survive and gain acceptance, they may be used to purchase goods, services, and even other currencies around the globe.

3. Economic impacts of privacy and cyber-crime will be sufficient enough to influence policy

Better industry metrics and business modeling will help the industry quantify economic impacts of privacy and malicious cyber activities. Armed with such information, policies will be lobbied to protect businesses, markets, and interests. A rise in lobbyists and social groups will drive more legislative proposals in local, regional, and international political circles. Cloud and data virtualization, communication services, and data collection/aggregation will be at the forefront of the discussions.

4. The next battleground emerges, with Hardware and Firmware attacks becoming more prolific

The desire for more pervasive, stealthy, and resilient control by attackers will drive hardware- and firmware-based attacks to gain momentum and real exploits will be seen in the wild. Well-financed, talented, and dedicated teams (such as those by governments, organized cyber-criminals, and the next generation of researchers) will be best suited to address the difficulty, challenges and costs associated with this type of work
.
This will coincide with the emergence of new SoC’s as part of the Internet of Things (IoT) phenomenon and align with desires to compromise industrial environments (ex. SCADA). Alternatively, better security controls and services will be developed for industrial environments, creating yet another area of escalation between attackers and defenders.

5. Security technology improves for some key areas, making compromise more difficult

Investments in security controls will reap benefits in other areas. Banking access and applications will become stronger, especially from mobile devices. Communications will be hardened for email, social postings, web browsing, instant messaging, IP phone calls, group chats, and video conferencing. Social media will get the double-sided benefit of more secure access, posting, and storage as well as the ability for patrons to contribute to sites in more anonymous and private ways.

6. Attackers innovate and adapt at a significantly faster pace than security, maneuvering for greater overall opportunities

A flood of investment, talent, and time will be spent looking for more vulnerabilities and ways to exploit the cyber world. Such competition will drive exploit markets, shrink the time of discovery, and drive an expansion of the types of systems being scrutinized. Attackers will move in-step with technology innovation and adoption. Emerging devices and security mechanisms will be quickly analyzed and dissected. Security will continue to struggle to keep up, and will likely fail more often.

7. Cloud will grow, but security concerns will drive more compartmentalization and controls

Cloud and virtualization technologies in the datacenter will continue to grow and deliver strong economic and service delivery benefits but newfound emphasis on security will drive changes to architecture, physical deployments, and control attestation. Customers will want assurance that their workloads are more compartmentalized and secure.

We may even see the emergence of more private Internets.

8. Rise in individual and small and medium business (SMB) attacks, due to automation and economies of scale for attacks

SMB’s and individuals have always been targeted, mostly due to the typical lack of security and ease of compromise. It has been a problem, but traditionally most attackers seek higher value targets. The low value of SMBs and individuals greatly limit their desirability for attackers, who are lured toward attacking fewer targets with the potential of much bigger returns.

For a long time, large organizations weren’t terribly secure, but over the years they have been closing vulnerabilities and improving security practices. The tipping point is approaching this year where through the use of advanced automation it becomes economical to expand the tactics. Attackers will diversify to include compromising many smaller easy targets instead of just a few larger more protected ones.

9. Regulations and industry standards continue to evolve in a fragmented way and will remain confusing and difficult to follow

The calls for more regulations and controls, sometimes focused on limiting what governments can do, are increasing. The concerns for weak critical infrastructures and regulated environments, such as healthcare and finance, continue to spawn legislative proposals for more laws and standards. Many of these originate in sub-national bodies and rarely attain a common agreement at the international levels.

Consequently, it fosters situations ripe for lawsuits, injunctions, and non-compliance findings, adding pain to frustration.

10. Rise in social self-awareness for security. People realize behavioral cause-and-effect “We are victims of our own desires…”

People are an integral part of security and our behaviors are one of the most important aspects. However, psychologically, most people defer the responsibility of security to other entities such as product manufacturers, software vendors, service owners, law enforcement, or system administrators.

Our desires for convenience, social communication, entertainment, and profit are driving dangerous actions that lead to compromise and loss. People will begin to act with more forethought, will consider risks more carefully, and will weigh options when it comes to their digital lives. It could be a watershed moment for the security industry.

Intel: http://intel.ly/1RGgZnk

 

« Desmond investment bets on spooks to win cyber war
Most UK Police Forces don’t investigate Cyber Crime »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

Qolcom

Qolcom

Qolcom is a leading UK based integrator of secure wireless network and mobile device management solutions.

Conix

Conix

Conix offerings include Governance and Risk Management, Auditing and Penetration Testing, Digital Forensics, Managed Security Operations Centre (SOC).

7Safe

7Safe

7Safe has been delivering hands-on digital security training courses since 2001 and offer e a portfolio of university and industry-accredited courses.

PROMIA

PROMIA

PROMIA is in the business of providing solutions that are designed to support highly secure, reliable, scalable and interoperable business applications.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (formerly iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

Blaick Technologies

Blaick Technologies

Blaick is an Israeli cyber-security company which deploys proprietary Artificial Intelligence threats detection technology for early prevention of online cyber crime.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud platform, offering fully featured services from data centers globally.

Three Wire Systems

Three Wire Systems

Three Wire is a leader in innovative and efficient technology solutions for government agencies and large enterprise corporations.

Worksent Technologies

Worksent Technologies

Worksent is a Trusted white-label offshore support partner for MSPs and MSSPs.

Cloud & More

Cloud & More

Tired of impersonal IT support? Experience the Cloud & More difference. We offer tailored IT services with a personal touch, ensuring your business technology runs smoothly.

Datacom

Datacom

Datacom design, build and run IT systems and processes across operations, cybersecurity, cloud, digital platforms, payroll and enterprise applications.

Cyberdise

Cyberdise

Cyberdise is an AI-driven cybersecurity awareness solution designed for companies with complex security requirements.

Infratech

Infratech

Infratech is a leading Saudi company providing cutting-edge services and solutions in IT Infrastructure, IT Security and Digital Transformation.