Massive, high-profile data breaches pockmarked 2014, culminating in the bizarre events surrounding the hack of Sony Pictures — allegedly by North Korea in retaliation for the politically incorrect stoner comedy The Interview. That's a tough act to follow, but I'm sure 2015 will make an effort. I spoke with security experts to find out what we have to look forward to.
1. IoT: The Insecurity of Things
The Internet of Things has become an inundation of things. Hundreds of innovative, connected devices have emerged to interact with, track, monitor, and simplify just about every area of our lives. But these technologies typically have access to sensitive, personal information, and they also introduce a wide variety of new security issues for attackers to exploit.
2015 may be the year that IoT takes on a new meaning — the Insecurity of Things. "In previous years the Internet of Things was not a big deal," warns Robert Hansen, VP of WhiteHat Labs for WhiteHat Security, "but we're seeing an increasing number of vulnerabilities in internet capable devices, like TVs, home security systems, automation."
2. Sophisticated DDoS Attacks
Denial-of-service attacks are more of an annoyance than anything else. They don't directly steal your information, or cause any overt harm — they just flood a site or service with so much traffic that it becomes overwhelmed and prevents legitimate users from connecting to it. As many Xbox and PlayStation gamers learned over the holidays, though, DDoS attacks are becoming more advanced, and have a very real impact.
"In 2014, DDoS attacks became much more sophisticated. Though much of the reporting focused on the size of attacks, a more troubling trend was the advancement in attack techniques," stresses Barry Shteiman, director of security strategy for Imperva. He notes that attackers have evolved beyond simple flooding of traffic, and can now morph and adapt based on the defenses in place on the target network.
3. Social Media attacks
Mark Bermingham, director of global B2B marketing at Kaspersky Lab, anticipates a rise in social media and waterholing attacks — compromising a website or service commonly used by the target group in an effort to infect one or more of them, and allow the malware to spread from there. Attackers continue to develop new techniques to exploit social networks. As Bermingham puts it, "Security measures can't overcome stolen credentials and click-throughs to dubious links."
Kevin Epstein, VP of advanced security and governance at Proofpoint, agrees that social media attacks are a serious concern for 2015. In a recent blog post, he notes, "In 2015, Proofpoint expects inappropriate or malicious social media content to grow 400 percent as attackers target enterprise social media accounts to perpetrate confidence schemes, distribute malware, and steal customer data." Greater awareness and vigilance are the best defenses.
Sign up for MIS Asia eNewsletters.