10 Cyber Security Predictions for 2015

1. Active defensive and offensive security continues to rise

The previously predicted cycles of offensive security will continue to unfold. Huge investments by large customers will fuel the market, driving commercial security and defense organizations to develop and offer new products and services. The talent pool will be absorbed, which will both leave a void that educational institutions will race to fill and drive salaries upward. Support functions such as forensics, investigations, and detection/response capabilities are going to be the first to mature.

2. Expansion of financial targets, with attacks going deeper, faster, and with more complexity

Financial targets will expand well beyond banks and reach more deeply into ecommerce, crypto currencies, credit institutions, and end-user financial blackmail. Banks will continue to be under tremendous pressure from attackers seeking a big score. However, other supporting financial targets will also come under attack, such as retail point-of-sale (POS), large Internet ecommerce systems, and credit institution infrastructures.

One of the most interesting trends we will witness will be the exploitation, theft, and misuse of crypto-currencies like Bitcoin and its competitors. These technology-based fiat currencies are relatively new and very unstable. Dozens exist (Bitcoin is the most recognizable example) and more are sure to be created. They are not backed by any central organization or commodity and can simply be created through software and willing users. Such crypto-currencies are very volatile and many have imploded with no residual value for their owners. The few which survive and gain acceptance may be used to purchase goods, services, and even other currencies around the globe.

3. Economic impacts of privacy and cyber-crime will be sufficient to influence policy

Better industry metrics and business modeling will help the industry quantify economic impacts of privacy and malicious cyber activities. Armed with such information, policies will be lobbied to protect businesses, markets, and interests. A rise in lobbyists and social groups will drive more legislative proposals in local, regional, and international political circles. Cloud and data virtualization, communication services, and data collection/aggregation will be at the forefront of the discussions.

4. The next battleground emerges, with Hardware and Firmware attacks becoming more prolific

The desire for more pervasive, stealthy, and resilient control by attackers will drive hardware- and firmware-based attacks to gain momentum, and real exploits will be seen in the wild. Well-financed, talented, and dedicated teams (such as those of governments, organized cyber-criminals, and the next generation of researchers) will be best suited to address the difficulty, challenges, and costs associated with this type of work.

This will coincide with the emergence of new SoCs as part of the Internet of Things (IoT) phenomenon and align with desires to compromise industrial environments (e.g., SCADA). Alternatively, better security controls and services will be developed for industrial environments, creating yet another area of escalation between attackers and defenders.

5. Security technology improves for some key areas, making compromise more difficult

Investments in security controls will reap benefits in other areas. Banking access and applications will become stronger, especially from mobile devices. Communications will be hardened for email, social postings, web browsing, instant messaging, IP phone calls, group chats, and video conferencing. Social media will get the double-sided benefit of more secure access, posting, and storage as well as the ability for patrons to contribute to sites in more anonymous and private ways.

6. Attackers innovate and adapt at a significantly faster pace than security, maneuvering for greater overall opportunities

A flood of investment, talent, and time will be spent looking for more vulnerabilities and ways to exploit the cyber world. Such competition will drive exploit markets, shrink the time of discovery, and drive an expansion of the types of systems being scrutinized. Attackers will move in-step with technology innovation and adoption. Emerging devices and security mechanisms will be quickly analyzed and dissected. Security will continue to struggle to keep up, and will likely fail more often.

7. Cloud will grow, but security concerns will drive more compartmentalization and controls

Cloud and virtualization technologies in the datacenter will continue to grow and deliver strong economic and service delivery benefits, but a newfound emphasis on security will drive changes to architecture, physical deployments, and control attestation. Customers will want assurance that their workloads are more compartmentalized and secure.

We may even see the emergence of more private Internets.

8. Rise in individual and small and medium business (SMB) attacks, due to automation and economies of scale for attacks

SMBs and individuals have always been targeted, mostly due to the typical lack of security and ease of compromise. It has been a problem, but traditionally most attackers seek higher value targets. The low value of SMBs and individuals greatly limits their desirability for attackers, who are lured toward attacking fewer targets with the potential of much bigger returns.

For a long time, large organizations weren’t terribly secure, but over the years they have been closing vulnerabilities and improving security practices. The tipping point is approaching this year, where, through the use of advanced automation, it becomes economical to expand the tactics. Attackers will diversify to include compromising many smaller, easy targets instead of just a few larger, more protected ones.

9. Regulations and industry standards continue to evolve in a fragmented way and will remain confusing and difficult to follow

The calls for more regulations and controls, sometimes focused on limiting what governments can do, are increasing. The concerns for weak critical infrastructures and regulated environments, such as healthcare and finance, continue to spawn legislative proposals for more laws and standards. Many of these originate in sub-national bodies and rarely attain a common agreement at the international level.

Consequently, it fosters situations ripe for lawsuits, injunctions, and non-compliance findings, adding pain to frustration.

10. Rise in social self-awareness for security. People realize behavioral cause-and-effect: “We are victims of our own desires…”

People are an integral part of security and our behaviors are one of the most important aspects. However, psychologically, most people defer the responsibility of security to other entities such as product manufacturers, software vendors, service owners, law enforcement, or system administrators.

Our desires for convenience, social communication, entertainment, and profit are driving dangerous actions that lead to compromise and loss. People will begin to act with more forethought, will consider risks more carefully, and will weigh options when it comes to their digital lives. It could be a watershed moment for the security industry.

Intel: http://intel.ly/1RGgZnk

 
