For a month now, I have been reading predictions for 2015. In the security field, something new and unexpected can always pop up – like the Point-of-Sale (PoS) breaches in early 2014 – but most likely what will happen is just a continuation, that is, a natural evolution, of what has already occurred.
So let’s take a look at some things that will probably happen this year and steps we can take to stay safer. Tomorrow, we’ll look at a few more.
Data breaches will continue
Data breaches made the news in 2014, and in 2015 we will continue to see security breaches of companies, irrespective of size or business sector. These breaches are often caused by software vulnerabilities, advances in data stealing malware, and as we have seen recently with the Sony breach, by states using cyber espionage against other states.
What to keep your eye out for
- Heartbleed and Shellshock were successful at using vulnerabilities in software that we depend upon. We expect to see more of the same in 2015.
- Increase in phishing and social engineering attacks on employees of big companies in order to break in.
- Health care organizations are at risk because many of them use outdated software and have rudimentary security. Plus, there is so much valuable data to be stolen like sensitive patient records.
- More revelations that governments and even companies are using cyber attacks against each other.
- Companies need to tighten up the security processes of their employees, vendors, and third party suppliers who have access to their systems.
- Companies need to adopt advanced threat solutions to secure their PoS networks from breaches.
- Enterprise breach detection methods need to be improved because cybercrooks will likely go after the bigger fish.
- Passwords are not adequate protection for our personal or financial accounts. Two-factor authentication will be adopted more widely, as will new methods like ultra-sonic sound.
- Consumers and companies should update from the old, vulnerable Windows XP.
Mobile is attractive to cybercrooks
Since our mobile phones are as powerful and can accomplish nearly all the things a regular computer can, that gives cybercrooks a relatively easy in-road to your private data and financial information. 2015 will see consumers becoming more aware of mobile security since they will increasingly use mobile apps that contain sensitive banking, financial, and personal health information.
What to keep your eye out for
- Increase in phishing attacks of mobile users. It’s worked successfully so far, so hackers will keep employing methods to trick employees or vendors into revealing login credentials like usernames or passwords, or installing malicious software. Targets will be more high profile.
- iOS security breach on a wider scale. As companies allow executives and employees to use their own handsets, iPhones will become a more lucrative target. Add to that the iCloud Drive sync, ApplePay, and all those fancy new wearable gadgets, and cybercrooks have new attack vectors to explore for the future.
- After the success of the stolen celebrity photos, the cloud has become a pretty interesting target for cybercrooks. Think of all the information we store in the cloud – especially company info. iCloud, Dropbox, Google Drive, and other cloud technologies are vulnerable.
- Compromised Wi-Fi networks will lead to interception and redirection of mobile traffic like voice and SMS using Man-in-the-Middle attacks.
Room for improvement
- Bring-your-own-device to the workplace means that IT security folks need to take a hard, long look at their policies or more data could be at risk.
- Businesses need to work on a Mobile Security defense plan, or run the risk of
exposing the entire organization to threats.
- Security for mobile apps needs to increase. Developers will agree on a way to secure the app’s code as well as the user’s data accessed by their application.
- Comsumers will take responsibility for their devices security by installing software like Avast Mobile Security and Anti-theft.