4 Dec 2014
Predicting the future is easy – take a long look at what’s happening now and hit the mental fast forward button. But in 2015 the rewind button will be equally useful. We don’t have a fail-proof crystal ball, but we suspect that old-school hacktivism will share the headlines with emerging threats against devices and virtual payment systems. And we think this might be the year when hackers and data scientists will wage their own personal war, with both sides using Big Data as their weapon of choice. Read on for the details and more of our predictions.

Data Destruction

Look for an increase in malware that extracts information and then destroys the systems that housed the data. This capability could be used to hold data or entire networks for ransom, or to cover malicious hackers’ tracks by deleting every trace of their presence. Malware may also be programmed to self-destruct if it feels threatened – perhaps when a system is taken offline for remediation. Now is a good time to update your incident response plan to include a process that addresses imminent and wide-scale data destruction.

Fraud Management

Financial institutions will lead the way in using proven fraud discovery and management techniques to thwart phishing attempts. Solutions that can effectively spot the patterns that indicate fraud can be used to defend against social engineering. Predictive analytics won’t solve the phishing problem, but it will be a big part of the solution. Look for smarter ways to combat social engineering attacks. Training alone isn’t enough.

Third-Party Risk Control

There’s been a lot of chatter for the last few years about supply chain, vendor and partner security. 2015 is the year it will finally top everyone’s to-do lists. No business is an island unto itself, and companies will begin demanding independent (and regular) security and compliance testing before they sign a contract with a third party.

Expect to see security extended to remote/mobile workers as well, with monitoring and enforcement of personal and business-owned device security policies becoming more of a priority.

Hacktivist vs. Cyberwarrior

The notoriety of Anonymous will further spawn politically motivated collectives around the globe, as countries continue to explore the effectiveness of cyberwar tactics. Government-run military hacking divisions will be featured in mainstream news, while hacktivists will globally share tools and techniques. Perhaps Hacktivism as a Service (HaaS) will become a new career path. Consider your risk profile – are you an attractive target for hacktivists or cyberspies? – and adjust your defenses accordingly.

Big Data Fuels Cybercrime

Using information from publicly available and compromised corporate systems, malicious hackers will take deep dives into data to determine the best way to craft highly targeted attacks against carefully selected entities. Verifying trustworthiness is going to be a huge issue in 2015.

Increased Targeting Of Devices

From mobile devices to ATMs and M2M virtual payment systems, we expect to see targeted attacks on the “internet of things.” Malicious hackers follow the money, and devices are moving the money around. Watch for sophisticated attacks aimed at manipulating ATM operating systems, and a move away from devices such as skimmers. Mobile app developers need to really focus on building security into the development cycle, and testing everything thoroughly no matter how tight the deadlines are.