"As security professionals we spend a lot of our time looking for trouble and expecting the worst and in 2014, there were lots of vulnerabilities and threats, such as Heartbleed, Regin and Operation Cleaver,” explained Corey Nachreiner, director of security strategy and research at network security firm Watchguard.
“With so much noise in the market, we wanted to help security professionals focus on what matters the most - and what doesn’t. Hence, five predictions you need to prepare for in 2015 and five you don’t."
Five Things Not to Worry About:
- The Internet of Things will not bring a rise of machines: Embedded computing devices (IoT or IoE) are everywhere and have security flaws. But today’s cyber criminals typically don’t just hack for the heck of it; they need motive. There’s not much value to having control of your watch or TV at this point, so we won’t see hackers targeting them directly, for now.
- Cloud Adoption will not continue its stratospheric climb in 2015: Between the ‘Snowden effect’ and a number of cloud services leaking data, organisations will be more concerned with where they put sensitive information. This doesn’t mean businesses will stop using the cloud where it makes sense; it just proves that we can’t put everything in the cloud.
- Passwords will not die in 2015, or 2016, or 2017…: When bulk password thefts happen, the passwords are not at fault; rather the fault lies with that lack of security from the organisation maintaining them. A better prediction for next year is that two factor authentication will become ubiquitous online and passwords will remain as one of those two factors.
- Secure design will not win over innovation: Humanity is known for diving into innovative technology without considering the consequences. In order to invent and push boundaries, we must take risks. That means security will continue to take a back seat to innovation and that security professionals will have the tough job of weighing the operational benefits of new technologies against their potential security risks.
- SDN will have security implications, but not for years: You won’t have to worry about Software Defined Networks (SDN) security next year or anytime soon! Despite all the hype, SDN is quite a way from primetime adoption.
Five Things to Worry About:
- Nation states lock ‘n load for cyber cold war: Global nations are ratcheting up cyber defence and attack capabilities, quietly launching espionage campaigns against one another and even stealing industrial intellectual property. Expect to see more cyber espionage incidents next year and hear public perception swaying toward an already-occurring cyber cold war where nation states “demonstrate” cyber capabilities.
- Malware jumps platforms from desktop to mobile devices - and bites hard: Malware that jumps from traditional operating systems to mobile platforms, or vice versa is a killer hacking combination, but until now, has not been particularly damaging. In 2015, attackers will find new ways to monetise mobile infections. Expect mobile malware to have more teeth, for example with customised ransomware designed to make your mobile unusable until you pay up.
- Encryption skyrockets - as do government attempts to break it: Encryption adoption is increasing as fast as governments are petitioning for ways to break it for ’law enforcement use’. Security pros must continue to leverage encryption whenever possible; fight for the right to retain private, unbreakable encryption; and build networks that support heavy use of encryption without slowing bandwidth and adversely affecting business.
- Business verticals become new battleground for targeted attacks: How does a cyber-criminal retain the benefits of a targeted attack while still pursuing big victim pools to make lots of money? By targeting business verticals rather than individual organisations. Modern cyber criminals will target businesses of every size as long as they are part of an interesting, profitable business vertical.
- Understanding hacker motives key to defending: Hackers have gone from mischievous kids to cyber activists pushing a message, to organised criminals stealing digital assets, to nation states launching long-term espionage campaigns. Knowing the motives and tactics of various actors helps us understand which ones threaten our organisation the most, and how they prefer to attack.