2014 has been particularly busy for IT security professionals. Many of the threats that were predicted at the start of the year duly emerged, while other significant issues caught the entire sector by surprise.
We anticipated, and saw, increases in social engineering exploits, which led to major data breaches at several well-known organisations. Targeted malware campaigns also stepped up, with RAM scraper and ransomware attacks making headlines. Mobile security problems also continued to grow, as employees brought more devices onto organisations' networks.
However, no-one was prepared for the massive vulnerabilities which were discovered in established IT components, such as the Heartbleed OpenSSL bug and the BadUSB flaw, which affected tens of millions of trusted websites and devices worldwide. These issues highlighted just how unpredictable - and challenging - it can be to enforce and maintain security.
With this in mind, here are the 10 IT security threats and trends that I expect to emerge and grow during 2015: I hope that these will assist organisations in staying ahead of the evolving tactics that criminals use to target them, and mitigate potential security risks.
Zero-second malware
Check Point's global network of threat sensors revealed that over a third of organisations have downloaded at least one file infected with unknown malware over the past year. Malware authors are increasingly using obfuscation tools so their attacks can bypass detection by anti-malware products and infiltrate networks. Threat Emulation, also known as sandboxing, is a critical layer of defence against this explosion in unknown infectious agents. Bots will also continue to be a core attack technique, simply because they're effective. Our 2014 Security Report analysed the networks of thousands of companies worldwide, and found 73% had existing bot infections - up 10% compared with 2013. 77% of these infections were active for more than four weeks.
Mobile matters
The issue of securing mobile devices will continue in 2015 to grow faster than organisations can control it. We surveyed over 700 businesses globally in 2014, and 42% had suffered mobile security incidents which cost more than $250,000 to remediate, and 82% expected incidents to rise during 2015. Worryingly, 44% of organisations do not manage corporate data on employee-owned devices. As an attack vector, mobile probably provides direct access to more varied and valuable assets than any other individual attack vector. It's also the weakest link in the security chain, giving attackers access to personally identifiable information, passwords, business and personal email, corporate documents, and access to corporate networks and applications.
Biting into mobile payments
The introduction of Apple Pay with the iPhone 6 is likely to kick-start the adoption of mobile payment systems by consumers - along with several other payment systems competing for market share. Not all of these systems have been thoroughly tested to withstand real-world threats, which could mean potential high rewards for attackers who find vulnerabilities that can be exploited.
Open source, open target
Heartbleed, Poodle, Shellshock. These recent open source vulnerabilities were highly publicised, because they affected nearly every IT operation in the world. Critical vulnerabilities in open-source and commonly used platforms (Windows, Linux, iOS) are highly prized by attackers because they offer tremendous opportunities, so they will continue searching for these flaws to try and exploit them; businesses and security vendors will continue responding to them as quickly as possible.
Attacks on infrastructure
Cyber attacks on public utilities and key industrial processes will continue, using malware to target the SCADA systems that control those processes. As control systems become increasingly connected, this will extend the attack vectors that have already been exploited by well-known malware agents such as Stuxnet, Flame and Gauss. Whether these exploits are launched by nation states, or by criminal groups, they are already widespread: nearly 70% of critical infrastructure companies surveyed by the Ponemon Institute suffered a security breach over the last year.
Suspect devices
As more IP-based appliances are introduced into the workplace and home environments, enabling a better-connected, more efficient world, it also gives criminals a better connected, more efficient network for launching attacks. We need to protect devices, as well as protecting ourselves from these devices as more and more of them come online. Wearables and 'companion devices' that connect to tablets and smart phones are already infiltrating networks - and companies need to be ready for the impact of these.
Safeguarding SDN
SDN can boost security by routing traffic through a gateway and IPS, dynamically reprogramming and restructuring a network that is suffering a distributed denial-of-service attack, and enabling automatic quarantining of endpoints or networks that have been infected with malware. However, security is not built into the SDN concept; it needs to be designed in. As it is being increasingly adopted in data centres, we expect to see targeted attacks that try to exploit SDN central controllers to take over the network and bypass network protections.
Unifying layers of security
Single-layer security architectures, or multi-vendor point solutions no longer offer effective protection to organisations. We will see more and more vendors introducing unified, single-source solutions to the market through development, partnership and acquisition. This is already happening, and we will see increasing collaboration to fight threats.
Cloud cover
With the growth in usage of SaaS services, we predict increasing adoption and use of security-as-a-service solutions to provide visibility and control, threat prevention and data protection. This adoption will increase together with growth in security services outsourced to the public cloud.
Evolution in threat intelligence and analysis
No single organisation can have a complete picture of the threat landscape. Big data will give tremendous opportunities for threat analytics, enabling identification of new attack patterns. Vendors will increasingly integrate intelligence from these analytics into their solutions; and enterprises will also invest in their own analytics to help with decision-making through enhanced context and awareness of threats to their business. Collaborative sharing of threat intelligence will continue to develop, to offer up-to-date protections that suit end-users' specific needs. These capabilities will in turn power unified security solutions that can automatically deliver protection against newly-emerging threats, strengthening organisations' security.