10 Cyber Security Predictions for 2015

Uploaded on 2014-07-22 in NEWS-Cybersecurity News, FREE TO VIEW

1. Active defensive and offensive security continues to rise

The previously predicted cycles of offensive security will continue to unfold. Huge investments by large customers will fuel the market, driving commercial security and defense organizations to develop and offer new product and services. The talent pool is absorbed, which will both leave a void education institutions will race to fill, driving salaries upward. Support functions such as forensics, investigations, and detection/response capabilities are going to be the first to mature.

2. Expansion of financial targets, with attacks going deeper, faster, and with more complexity

Financial targets will expand well beyond banks and reach more deeply into ecommerce, crypto currencies, credit institutions, and end-user financial blackmail. Banks will continue to be under tremendous pressure from attackers seeking a big score. However, other supporting financial targets will also come under attack, such as retail point-of-sale (POS), large Internet ecommerce systems, and credit institution infrastructures.

One of the most interesting trends we will witness will be the exploitation, theft, and misuse of crypto-currencies like Bitcoin and its competitors. These technology-based fiat currencies are relatively new to exist and very unstable. Dozens exist - Bitcoin is the most recognizable example - and more are sure to be created. They are not backed by any central organization or commodity and can simply be created through software and willing users. Such crypto-currencies are very volatile and many have imploded with no residual value for their owners. For the few which survive and gain acceptance, they may be used to purchase goods, services, and even other currencies around the globe.

3. Economic impacts of privacy and cyber-crime will be sufficient enough to influence policy

Better industry metrics and business modeling will help the industry quantify economic impacts of privacy and malicious cyber activities. Armed with such information, policies will be lobbied to protect businesses, markets, and interests. A rise in lobbyists and social groups will drive more legislative proposals in local, regional, and international political circles. Cloud and data virtualization, communication services, and data collection/aggregation will be at the forefront of the discussions.

4. The next battleground emerges, with Hardware and Firmware attacks becoming more prolific

The desire for more pervasive, stealthy, and resilient control by attackers will drive hardware- and firmware-based attacks to gain momentum and real exploits will be seen in the wild. Well-financed, talented, and dedicated teams (such as those by governments, organized cyber-criminals, and the next generation of researchers) will be best suited to address the difficulty, challenges and costs associated with this type of work
.
This will coincide with the emergence of new SoC’s as part of the Internet of Things (IoT) phenomenon and align with desires to compromise industrial environments (ex. SCADA). Alternatively, better security controls and services will be developed for industrial environments, creating yet another area of escalation between attackers and defenders.

5. Security technology improves for some key areas, making compromise more difficult

Investments in security controls will reap benefits in other areas. Banking access and applications will become stronger, especially from mobile devices. Communications will be hardened for email, social postings, web browsing, instant messaging, IP phone calls, group chats, and video conferencing. Social media will get the double-sided benefit of more secure access, posting, and storage as well as the ability for patrons to contribute to sites in more anonymous and private ways.

6. Attackers innovate and adapt at a significantly faster pace than security, maneuvering for greater overall opportunities

A flood of investment, talent, and time will be spent looking for more vulnerabilities and ways to exploit the cyber world. Such competition will drive exploit markets, shrink the time of discovery, and drive an expansion of the types of systems being scrutinized. Attackers will move in-step with technology innovation and adoption. Emerging devices and security mechanisms will be quickly analyzed and dissected. Security will continue to struggle to keep up, and will likely fail more often.

7. Cloud will grow, but security concerns will drive more compartmentalization and controls

Cloud and virtualization technologies in the datacenter will continue to grow and deliver strong economic and service delivery benefits but newfound emphasis on security will drive changes to architecture, physical deployments, and control attestation. Customers will want assurance that their workloads are more compartmentalized and secure.

We may even see the emergence of more private Internets.

8. Rise in individual and small and medium business (SMB) attacks, due to automation and economies of scale for attacks

SMB’s and individuals have always been targeted, mostly due to the typical lack of security and ease of compromise. It has been a problem, but traditionally most attackers seek higher value targets. The low value of SMBs and individuals greatly limit their desirability for attackers, who are lured toward attacking fewer targets with the potential of much bigger returns.

For a long time, large organizations weren’t terribly secure, but over the years they have been closing vulnerabilities and improving security practices. The tipping point is approaching this year where through the use of advanced automation it becomes economical to expand the tactics. Attackers will diversify to include compromising many smaller easy targets instead of just a few larger more protected ones.

9. Regulations and industry standards continue to evolve in a fragmented way and will remain confusing and difficult to follow

The calls for more regulations and controls, sometimes focused on limiting what governments can do, are increasing. The concerns for weak critical infrastructures and regulated environments, such as healthcare and finance, continue to spawn legislative proposals for more laws and standards. Many of these originate in sub-national bodies and rarely attain a common agreement at the international levels.

Consequently, it fosters situations ripe for lawsuits, injunctions, and non-compliance findings, adding pain to frustration.

10. Rise in social self-awareness for security. People realize behavioral cause-and-effect “We are victims of our own desires…”

People are an integral part of security and our behaviors are one of the most important aspects. However, psychologically, most people defer the responsibility of security to other entities such as product manufacturers, software vendors, service owners, law enforcement, or system administrators.

Our desires for convenience, social communication, entertainment, and profit are driving dangerous actions that lead to compromise and loss. People will begin to act with more forethought, will consider risks more carefully, and will weigh options when it comes to their digital lives. It could be a watershed moment for the security industry.

Intel: http://intel.ly/1RGgZnk

 

« Desmond investment bets on spooks to win cyber war
Most UK Police Forces don’t investigate Cyber Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CyberDefenses

CyberDefenses

CyberDefenses services combine best-in-class cybersecurity oversight, managed services and training to help our clients truly address their cybersecurity challenges.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

BlueID

BlueID

BlueID is an IDaaS technology product which enables your objects to securely connect and interact with your users’ smart phones and smart watches.

Sentia

Sentia

Sentia is an IT and infrastructure firm, with focus on Outsourcing, IT operation and management, Hosting, Co-location, Network, and IT security.

Crest International

Crest International

Crest is focused on professionalizing the technical cyber security market whilst driving quality and standards of organizations that operate within it.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

New Zealand Internet Task Force (NZITF)

New Zealand Internet Task Force (NZITF)

The New Zealand Internet Task Force (NZITF) is a non-profit with the mission of improving the cyber security posture of New Zealand.

Balbix

Balbix

Balbix BreachControl™ is the industry’s first system to leverage specialized AI to provide comprehensive and continuous predictive assessment of breach risk.

ScorpionShield

ScorpionShield

ScorpionShield CyberSecurity is an EC-Council Accredited Training Center, and an On-Demand Service for Cybersecurity professionals.

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity's mission is to provide value by dramatically improving the cybersecurity posture of our clients and business partners.

Transparity Cyber

Transparity Cyber

Transparity Cyber is dedicated to cybersecurity. As part of the Transparity Group we’re an established name in the Microsoft Cloud landscape, with a focus on cybersecurity excellence.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

Sonet.io

Sonet.io

Sonet.io is built for IT leaders that want a great experience for their remote workers, while enhancing security and observability.

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.