Security Threat: Predictions for 2014
Each year Websense Security releases a report with predictions regarding the computer and Internet security landscape for the coming year. There's some good news for home users, and some cautions for those who handle high-value data. Find out where to focus in 2014 to protect your data and identity...
Computer and Internet Security Landscape
Ordinary computer users can be a bit less anxious about malware and phishing attacks in the coming year, though they should not let their defenses slip. Key knowledge workers in business and government organizations, along with the IT pros charged with protecting them, should be on heightened alert against new forms of attack.
That’s the bottom line from Websense Security Labs’ 2014 Security Predictions, an annual report based upon threat trends gleaned from the company’s widely deployed security software.
The eleven-page report discusses nine predictions of security trends and events expected this year, and presents the company’s recommendations for dealing with them. Here is a summary of what may be coming your way in 2014:
Advanced malware volume will decrease. There is already a decline in the rate of new malware production. The arms race in which bad guys release a new, improved virus every few days, only to see it defeated in a few more days by agile anti-malware developers, is proving to be too inefficient for malware creators. There will be fewer mass “carpet bombings” of briefly dangerous malware spread throughout the Internet. That’s the good news.
The bad news is that bad guys are focusing more and more on individuals who are “high-value targets”: key employees who deal with a lot of sensitive business data and high net-worth individuals such as philanthropists, sports figures, and celebrities. If you are one of these targets, you need to be on the alert for sophisticated “spear phishing” attacks and guard personal information that can be used to lull you into trusting a message or Web site that you should not trust. (See Can You Smell a Phish?)
At least one major data-destruction attack will occur, Websense predicts. Most attacks focus on stealing data, but damage can also be done by destroying it. Cyberwars between nations can catch civilian targets in their crossfire, and “ransomware” scenarios are becoming increasingly common. (See ALERT: New Virus Demands Ransom For Your Data)
The Cloud, Your Computer, and Your Contacts
Attackers will be more interested in what’s stored “in the cloud” than what’s in local networks. This trend makes sense as more businesses and individuals move to cloud-based computing solutions. Attackers will still target users on local networks, but mainly to steal their cloud-service credentials. It’s important to confirm the security provisions of any cloud service provider you plan to use. (See SECURITY TIP: Two-Factor Authentication)
Java will remain a popular target of attack because end users will remain lazy about keeping their Java installations up to date with the latest security patches. Don’t be one of those people. (See Is Java Safe and Do I Need It?)
Professional social networks will be hunted for high-value executives. LinkedIn, of course, but also more specialized and lesser-known professional networks will be targeted. Unfortunately, you have to be more skeptical of invitations to connect than ever before; verify who the person claims to be, and question his/her reason for wanting to interact with you.
Don’t think your business is too small for hackers to bother with. The big corporations have been under attack for decades and many have “hardened up,” making infiltrators’ lives more difficult. The bad guys increasingly turn to smaller partners of the big firms, who haven’t invested as much in security. If they can compromise one of your key vendors, or a contact with a major client, they can get into the big network and wreak havoc. Guess who will take the blame? That’s right, you.
By the way, it appears that's exactly what happened with the massive credit card breach at Target stores. The hackers targeted an employee of a heating and air conditioning contractor, who (for some bizarre reason) had login credentials for Target's internal computer systems.
Cyber-vigilantism is on the rise, with governments and companies vowing to “hack back” if they are attacked. The problem is that it’s extremely difficult to identify the true source of an attack. In most cases, the owners of hacked computers or websites are not even aware of the problem. When (not if) a hijacked system is wrongfully attacked in retaliation, there will be ground-breaking and wallet-breaking lawsuits.
Bottom line: up-to-date system and security software is still crucial, as is a healthy level of skepticism about everything you see on the Web and in your inbox. I suggest you review my Seven Most Common Internet Mistakes and see if you need to take any corrective action.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 18 Feb 2014
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Security Threat: Predictions for 2014 (Posted: 18 Feb 2014)
Source: https://askbobrankin.com/security_threat_predictions_for_2014.html
Most recent comments on "Security Threat: Predictions for 2014"
Posted by: Daniel, 18 Feb 2014
It seems that the 'best' targets may be small-to-medium businesses when looked at as a ROI {Return On Investment}. I.e., the crooks' time/money investments in the attacks will return the highest potential results as a percentage. I would guess one of the reasons is that small entities (like the company for which I work) cannot afford full time IT personnel. So, we put a name brand product on our server (e.g., Symantec Endpoint Protection), back up locally and online, and hammer our employees about being careful to not click on links in emails, and cross our fingers. Information about the effectiveness of personal security products is easy to find. Where can someone like me find out about how the commercial products rank?
Posted by: Scott Orten, 18 Feb 2014
I really don't know how to use SkyDrive. I downloaded and ran the software. If my hard drive crashes how do I get my stuff back from SkyDrive?
Thanks
Posted by: BrianR, 19 Feb 2014
Yet another great article. Informative, important, and explained in a way that most can understand. Everyone needs to be educated on these topics, and your publications help immensely with that task. Thanks Bob!
Posted by: Digital Artist, 19 Feb 2014
Over the past five years my suspicion that people with the inclination to steal do not have the intelligence to do it by sitting at a monitor and typing thousands of lines of code. They either acquire or fake some credentials and get a job with a company that has data to steal. Seems to be the situation with Target handing over their password to a contractor. Consider Edward Snowden and Bradley (Chelsea) Manning (never mind the politics.) They got their data by entering a password which was given to them by the guardians of that data, not by building an elaborate program which could break the barriers imposed by those passwords. Besides the traditional software defenses against hackers,* the smart internet user visits all of their on-line money daily to check for unauthorized transactions (and also ensures that each of those accounts has its own unique and complex password.)
Trends are toward bigness; mega gives way to tera. Bigger businesses offer more services or products than smaller ones at lower (sometimes) prices. But the huge businesses (Bank of America, Wachovia, Wal-Mart) have tens, hundreds of thousands of employees, many with access to the inner sanctum of their servers. And business depends on trust. We don't put our grocery bill in escrow before we are allowed to shop the supermarket, and even if we did, we would have to trust the escrow agent. So, employers trust employees, in general. Just as the employees trust they will get their paycheck after they have labored away two weeks of their life. Of course there is a degree of vetting, which may be more stringent as the position becomes more sensitive, but (as in the case of Target) there will be violations of the trust. Current foreign policy has come up with a nifty motto (again, ignore the politics) “Trust, but verify.”
*Hacker: I used to be a hacker when the word simply meant “an amateur computer programmer”