IT Pro

Predicting more cyber security needed in 2013

Part three of a series of technology predictions.

It will come as no surprise to anyone interested in technology that security vendors predict more cyber threats, more highly-targeted (read personal) attack techniques and a rise in cyber espionage and hacktivism next year and beyond.

Scepticism aside, their predictions have a base in the data and analysis they, and other security researchers, see every day. 

Here is a brief summary of what some of them believe will happen in the year ahead. 

Cyber security

The potential for a rogue nation state, hacktivists, or even terrorists to move beyond intrusion and espionage to disrupt and perhaps destroy critical infrastructure is increasing, says Art Coviello, executive chairman of RSA, the security division of EMC. Examples of this include recent attacks on Israeli websites, attacks on Gulf oil production infrastructure and Iranian nuclear facilities. Australia is not immune.

Advertisement

Expect more cyber threats in the corporate domain too, says David Owen head of strategic programs in Australia for BAE Systems Detica, a global security company.

"Cyber attacks are low cost for the attacker and there is a high success rate in obtaining sensitive information or resources. Particularly with the trend of moving data into the cloud, it will be even more important to look at ways to protect your assets."

Supply chain attacks

There will be an increase in supply chain attacks, where organisations that have a very mature security model are instead targeted through someone else who interacts with that organisation, says Shaun McLagan, RSA's general manager for Australia and New Zealand.

Ransomware

Ransomware (data files encrypted by criminals and a ransom demanded for them to be unlocked) will start to impact Australia, says Mike Sentonas, McAfee's chief technology officer in the Asia Pacific. "Ransomware that was previously successful in some parts of Europe is now becoming a global problem and we're starting to see this impact locally. The recent fake Australian Federal Police ransomware attack is an example of this type of attack, and while they are successful they will continue."

Non-Windows attacks

Non-Windows attacks will continue to increase in 2013, predicts Sentonas. "Android devices are now the highest selling mobile devices in the Asia Pacific market and hackers will take advantage of that by developing mobile malware."

BYOD

BYOD is highly vulnerable to attacks, says BAE Systems Detica's David Owen, Australian head of strategic programs. "In a country of 20 million people, we now have 30 million mobile services. This has increased by 50 per cent in five years. However, end users are unable to defend themselves and therefore end-user devices are cannon-fodder: they are very easily compromised and for many users, and probably already are."

Through 2014, employee owned devices will be compromised by malware at more than double the rate of corporate owned devices, predicts Gartner. "Endpoint security will become even more important as the number and types of devices accessing enterprise resources explode."

"The mobile malware growth rate is similar to that of Windows malware some time ago, which shows it is a genuine threat," says Sentonas.

Signed malware

The signed malware trend is likely to continue in Australia over the coming 12 months, says Owen.

Signed malware is present when a hacker obtains a digital certificate from an organisation and appends it to malware, allowing the malware to pass through an organisation's operating system, says Sentonas.

"This type of threat will be harder to stop because it appears more legitimate."

DNSChanger attacks

With the increase in online shopping, security software company Kaspersky Labs predicts more DNSChanger attacks, where malicious software changes domain name settings and tricks consumers into thinking they're on a legitimate website, when in fact they've been redirected to a fake website that allows hackers to steal personal information and credit card details.

Managing security risks

Big Data and analytics will play a strong role in the management of security challenges, predicts McLagan, with the use of analytics to assess what the risk position is within an organisation.

Skills crisis

There will be a severe skills shortage in the information security industry, says Owen. "There is a need for investment in people rather than technology. Technology can help stop technological threats, but humans are required to stop human threats."

Advertisement

4 comments

Comment are now closed