This year has been a whirlwind of very public breaches and cybersecurity headaches. From Heartbleed to Shellshock, we know the interwebs are never as secure as we think they are. Retailers, banks, and healthcare/medical industries continue to be hit by POS attacks, credit card breaches, and other attacks resulting in IP being sucked away by our enemies. Even the entertainment industry was hit this year, and is still reeling from it.
Below are five predictions for 2015 that we think will be the good, the bad, and the ugly for security professionals to take notice of.
BYOD Disasters and Insider Threats Increase
With the blurring of lines between work and personal devices, the opportunity for simple spearphishing and other tactics to wreak havoc on an enterprise network increases. Not only do security teams have to worry about employees unwittingly letting a hacker into their networks, but the risk of insider threats are still relevant.
Iran and Pakistan Continue to Grow as State Actors
It’s not just China and Russia anymore, we have seen more and more activity coming from other actors in Eastern Europe and the Middle East. Pakistan has been seen targeting India and others on a more sophisticated level. Iran is a big adversary to watch, as they continue to infiltrate oil, energy, transportation, and other critical industries. Whether or not this is related to more organized state-sponsored activity or not, time will tell.
Hacktivists and Lone Wolves Becoming More Dangerous
While state-sponsored APT attacks continue to grow, more and more organizations are worried about the threats they don’t even know are coming. With Hacktivist groups like Anonymous, lone wolf hackers, and small (yet organized) crime groups, the threat can really come from anywhere, without warning. The financial and retail industries have all been hit by crime syndicates, and other unknown groups this past year, and we can expect to see those numbers grow.
Increased Opportunity for Collaboration Between Industries, Government, and Vendors
Not just talk but becoming reality, we have seen the benefits of the private and public sector working together to eradicate cybercrime. From Operation SMN to Operation Arachnophobia, we know firsthand that working together makes a difference in analyzing threat data and proactively blocking threats.
Government and Private Sector Standards for Collaboration and Sharing Threat Intelligence
NIST put out its standards guide for sharing threat intelligence draft this fall, and STIX continues to gain traction in the industry (whether or not it becomes a reality and adoption increases, we will see). We think that standards will continue to evolve in 2015.
In 2015, CISOs and CIOs will need to take a hard look at their network infrastructure and determine if they are truly prepared should the unthinkable happen. That means staffing up with the best people possible, establishing better practices and protocols to protect your data, and understanding the tactics, techniques, and procedures that hackers will use when breaching their networks or trying to gain access to private data. Knowledge is power, and understanding the threats targeting your network helps put you ahead of the game.
What are your thoughts on what 2015 will bring? Let us know on Twitter @ThreatConnect.