Summary: Mobile ransomware, insurance claims and striking the supply chain are all expected to make an appearance in 2015.
By Charlie Osborne
Sony is still smarting over a cataclysmic cyberattack, US banks, Target and Staples have all been targeted, and it seems hackers are always one step ahead.
But what can we expect from next year?
Security flaws Heartbleed, Cryptolocker and Shellshock have all had their time in the media spotlight, companies are reviewing their risk management and damage control processes, and investment is being pumped into training the next generation of cybersecurity experts in an attempt to keep corporate network intrusion to a minimum. Mobile and Web-based viruses remain a scourge, and hardly a week goes by without hearing of another data breach or a new strain of malware being discovered in the wild.
According to Greg Day, CTO of the EMEA region at security firm FireEye, these situations are likely to deepen and worsen over the coming year and into 2015.
The security and forensics firm predicts that in the technical realm, mobile ransomware will surge in popularity. Cryptolocker attained a measure of success this year, and so attackers are expected to turn further toward mobile in order to gain access to your phone and contacts. The data that ends up locked will center on cloud accounts, which will be encrypted before the victim is hit with a lock screen and a demand for money.
FireEye predicts that point-of-sale (PoS) attacks will also become a more popular method of stealing data and money — and PoS attacks will strike a broader group of victims with increasing frequency. The security firm believes that more creative targeting will evolve as retailers strengthen their defenses and more criminals get into the game. As a result, cyberattacks will spread to “middle layer” targets including payment processors and PoS management firms.
“The danger being that a single successful intrusion could provide access to pools of credit card data from many sources that could rival the numbers we have seen stolen from single large victims thus far,” FireEye claims.
While hackers aiming at PoS systems begin to target third parties more, the same can be said for business as a whole. It is predicted that attacks on the enterprise supply chain will surge, as less mature or financially able companies become weak links in an ecosystem where only top firms can bolster their defenses to acceptable standards. Consequently, large companies will demand evidence of adequate security controls from their suppliers in the future — but whether smaller companies will have the funds available remains to be seen.
When something does go wrong and a cyberattack is successful, response plans are also expected to fail more often, with harsher consequences. FireEye believes that a lack of adequate response could result in a major brand going out of business in 2015. With such risks in the corporate realm, cyber insurance as an industry is expected to grow.
Breaches are an inevitable part of modern-day business, but damage control is possible. Real-time network monitoring and forensic analysis after an attack has taken place can help identify attackers, detect a breach as it occurs, and mount a defense before severe damage is done.