Ransomware, Cyber-Spying Among Top Security Trends to Watch

 
 
By Robert Lemos  |  Posted 2016-01-14
 
 
 
 
 
 
 
 
 
  • Previous
    1 - Ransomware, Cyber-Spying Among Top Security Trends to Watch in 2016
    Next

    Ransomware, Cyber-Spying Among Top Security Trends to Watch

    We look at 10 trends--from rising ransomware incidents to malware-less attacks from nation-states--that will likely play a pivotal role in security this year.
  • Previous
    2 - Companies Will Find Ways to Deal With Shortage of Security Pros
    Next

    Companies Will Find Ways to Deal With Shortage of Security Pros

    Demand for security pros will continue to rise. A tremendous shortage of professionals who understand security and the slow rate that education produces reinforcements will lead to an estimated shortfall of more than 1.5 million workers worldwide in 2020. Software engineers and hackers who truly understand the technical components of security are even in greater demand, leaving a short supply for startups and innovative companies. The trend will likely lead to a greater reliance on cloud and managed-security services in 2016, and a focus on information services that help companies understand the threats.
  • Previous
    3 - Security Firms Struggle for Strong Market Valuations
    Next

    Security Firms Struggle for Strong Market Valuations

    Is the information security sector a bubble of investment ready to pop? The question has dogged the industry for a few years, but signs of a slowdown are now be apparent. In the first two quarters of 2015, venture-capital firms invested just short of $500 million in 20 deals—impressive, but a significant decrease from the 33 investments in cyber-security firms in the first six months of 2014 worth $673 million. In fact, activity in the information security sector appears to have peaked in 2014, with 56 deals worth approximately $1.2 billion.
  • Previous
    4 - More Connected Devices, Means More Cyber-Attack Targets
    Next

    More Connected Devices, Means More Cyber-Attack Targets

    The holiday season in 2015 saw drones become popular gifts, so much so that the FAA rushed through regulations, announced on Dec. 14, that require all drones to be registered in a national database and fly below 400 feet. While drones may be the most versatile device that can be controlled—and thus hacked—remotely from a computer, other physical devices have shown the impact that hacks could have in the future. Two security researchers took control of a GMC Jeep, controlling it remotely. The number of devices considered to be part of the Internet of things will grow from 1.2 billion in 2014 to more than 5.4 billion in 2020, according to Verizon, which has published one of the most conservative estimates. All these devices present inviting targets to hackers.
  • Previous
    5 - Ransomware Will Continue to Cause Chaos
    Next

    Ransomware Will Continue to Cause Chaos

    Kidnapping is usually a desperate crime because the criminal cannot receive money until after they have actually committed the crime. Cyber-criminals, however, have turned the act of holding data for ransom into an efficient business while blurring the money trail enough to continue to collect from thousands of victims. Because of their success, criminals are increasingly using ransomware to infect computers. By the second quarter of 2015, ransomware attacks had grown more than tenfold compared to the same quarter a year earlier, according to data from Intel's McAfee Labs.
  • Previous
    6 - More Companies to Rely on Data Encryption
    Next

    More Companies to Rely on Data Encryption

    As breaches continue to plague businesses and consumers, more companies will likely look to encryption to help bolster their data security, especially when the information travels outside the firewall. Over the past 10 years, encryption use has doubled—a slow technological trend, but significant, given the difficulty in managing encrypted data and its keys. The health care and retail sectors are leading the charge to encryption, according to an annual survey sponsored by Thales e-Security—unsurprising since both industries have been hard hit by breaches.
  • Previous
    7 - Big Data Breaches Will Drive Move to Two-Factor Authentication
    Next

    Big Data Breaches Will Drive Move to Two-Factor Authentication

    Service providers will increasingly offer a variety of forms of two-factor authentication, where the questionable security of a password is augmented by a second factor to confirm a user's identity. Consumer services that have suffered breaches—from game sites, such as World of Warcraft, to business services, such as Google Gmail and Apple iCloud—all offer two-factor authentication, generally allowing a user to register a device as the second factor.
  • Previous
    8 - Debate Over Public Security and Personal Privacy Will Heat Up
    Next

    Debate Over Public Security and Personal Privacy Will Heat Up

    Security and privacy have long been considered to be two opposing forces because the easiest approach to security is often to track identities. While that battle will continue in 2016, two forces will add to the debate this year: ever-present calls from law enforcement to have greater access to citizens' communications and the recent passage of the Cybersecurity Act of 2015. Following the recent terrorist attacks in Paris, France, and San Bernardino, Calif., law enforcement officials and some presidential candidates renewed calls for technology providers to build backdoors into their products to give agents the ability to decrypt communications. Technologists have pointed out that backdoors equate to vulnerabilities that will eventually be compromised. The debate is far from settled.
  • Previous
    9 - Cyber- Attackers Will Increasingly Use Victim's Network Tools
    Next

    Cyber- Attackers Will Increasingly Use Victim's Network Tools

    In the distant past—think 1980s—attackers used to break into systems, gain administrators' rights and then use on-system tools to break into other machines. While viruses, worms and malware became the tools of choice during the age of mass compromises, sophisticated attackers infiltrating high-value targets are going "old school," some security researchers say. By using IT administrators' tools that are on the victim's own system—and thus, white-listed by the company—attackers gain the advantage of being able to blend into the crowd on the targeted network. However, just as sophisticated attacks represent a very small minority of attacks—less than 1 percent by most estimates—attacks avoiding the use of malware are only used in limited cases, researchers say.
  • Previous
    10 - Attackers Will Abuse Advertising Ecosystems, Social Media
    Next

    Attackers Will Abuse Advertising Ecosystems, Social Media

    Phishing and malvertising have become popular methods for compromising computers and networks. Phishing is often used in a variety of cyber-criminals' attacks but accounts for the lion's share of sophisticated cyber-espionage attacks—more than three-quarters of all espionage attacks start with an email message with either an attachment or a link. The technique is effective: Some 23 percent of recipients clicked on a phishing email and 11 percent opened the attachment, according to Verizon. While malvertising is not quite as popular, numerous incidents have cropped up, hitting newspapers and entertainment services in 2015.
  • Previous
    11 - Nations Will Continue to Hack for Intelligence
    Next

    Nations Will Continue to Hack for Intelligence

    While the United States and China came to an accord in September to stop hacking to help domestic industries, the agreement is limited to economic espionage, which the United States forgoes by law and China denies as a policy. The agreement lacks teeth, and while the United States has threatened sanctions, no repercussions have yet been felt by nations frequently suspected of hacking and stealing data.
 

Ransomware incidents will increase; investments in security technology companies will slow; malware-less attacks will be the favorite of nation-state cyber-operations. Security professionals will have to contend with these trends in the new year. In 2015, the security industry experienced a great deal of change. The largest attacks focused on health care firms and non-financial data, for example, from the U.S. Office of Personnel Management and Ashley Madison, a change from the retail breaches of prior years. The venture capital market for information security showed signs of slowing. And sophisticated attackers increasingly "farmed the land" by using existing system and network administration tools to extend an initial network breach to a wider system compromise. Other trends stayed largely the same as prior years. More individuals and companies suffered ransomware attacks that locked up computers and demanded payments to unlock them. Nation-states continued to rely on cyber-operations to gather intelligence. The law enforcement and intelligence communities continued to battle for more power to monitor communications and gain access to stored data. The following 10 trends will likely play a key role in security this year.

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
Rocket Fuel