Security Threat: Predictions for 2014
Each year Websense Security releases a report with predictions regarding the computer and Internet security landscape for the coming year. There's some good news for home users, and some cautions for those who handle high-value data. Find out where to focus in 2014 to protect your data and identity...
Computer and Internet Security Landscape
Ordinary computer users can be a bit less anxious about malware and phishing attacks in the coming year, though they should not let their defenses slip. Key knowledge workers in business and government organizations, along with the IT pros charged with protecting them, should be on heightened alert against new forms of attack.
That’s the bottom line from Websense Security Labs’ 2014 Security Predictions, an annual report based upon threat trends gleaned from the company’s widely deployed security software.
The eleven-page report discusses nine predictions of security trends and events expected this year, and presents the company’s recommendations for dealing with them. Here is a summary of what may be coming your way in 2014:
Advanced malware volume will decrease. There is already a decline in the rate of new malware production. The arms race in which bad guys release a new, improved virus every few days, only to see it defeated in a few more days by agile anti-malware developers, is proving to be too inefficient for malware creators. There will be fewer mass “carpet bombings” of briefly dangerous malware spread throughout the Internet. That’s the good news.
The bad news is that bad guys are focusing more and more on individuals who are “high value targets:” key employees who deal with a lot of sensitive business data and high net-worth individuals such as philanthropists, sports figures, and celebrities. If you are one of these targets, you need to be on the alert for sophisticated “spear phishing” attacks and guard personal information that can be used to lull you into trusting a message or Web site that you should not trust. (See Can You Smell a Phish?)
At least one major data-destruction attack will occur, Websense predicts. Most attacks focus on stealing data, but damage can also be done by destroying it. Cyberwars between nations can catch civilian targets in their crossfire, and “ransomware” scenarios are becoming increasingly common. (See ALERT: New Virus Demands Ransom For Your Data)
The Cloud, Your Computer, and Your Contacts
Attackers will be more interested in what’s stored “in the cloud” than what’s in local networks. This trend makes sense as more businesses and individuals move to cloud-based computing solutions. Attackers will still target users on local networks, but mainly to steal their cloud-service credentials. It’s important to confirm the security provisions of any cloud service provider you plan to use. (See SECURITY TIP: Two-Factor Authentication)
Java will remain a popular target of attack because end users will remain lazy about keeping their Java installations up to date with the latest security patches. Don’t be one of those people. (See Is Java Safe and Do I Need It?)
Professional social networks will be hunted for high-value executives. LinkedIn, of course, but also more specialized and lesser-known professional networks will be targeted. Unfortunately, you have to be more skeptical of invitations to connect than ever before; verify who the person claims to be, and question his/her reason for wanting to interact with you.
Don’t think your business is too small for hackers to bother with. The big corporations have been under attack for decades and many have “hardened up,” making infiltrators’ lives more difficult. The bad guys increasingly turn to smaller partners of the big firms, who haven’t invested as much in security. If they can compromise one of your key vendors, or a contact with a major client, they can get into the big network and wreak havoc. Guess who will take the blame? That’s right, you.
By the way, it appears that's exactly what happened with the massive credit card breach at Target stores. The hackers targeted an employee of a heating and air conditioning contractor, who (for some bizarre reason) had login credentials for Target's internal computer systems.
Cyber-vigilantism is on the rise, with governments and companies vowing to “hack back” if they are attacked. The problem is that it’s extremely difficult to identify the true source of an attack. In most cases, the owners of hacked computers or websites are not even aware of the problem. When (not if) a hijacked system is wrongfully attacked in retaliation, there will be ground-breaking and wallet-breaking lawsuits.
Bottom line, up to date system and security software are still crucial, as well as a healthy level of skepticism about everything you see on the Web and in your inbox. I suggest you review my Seven Most Common Internet Mistakes and see if you need to take any corrective action.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 18 Feb 2014
|For Fun: Buy Bob a Snickers.|
Your Thermostat and the Internet
The Top Twenty
Geekly Update - 19 February 2014
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Security Threat: Predictions for 2014 (Posted: 18 Feb 2014)
Copyright © 2005 - Bob Rankin - All Rights Reserved