2014 saw a seamlessly never-ending flow of cyber-attacks and data breaches, affecting companies of all sizes and across a variety of industries, from retailers and banks to government sites.
Simon Campbell-Young, CEO of Phoenix Distribution, says 2015 can expect more of the same, with the sophistication and severity of cyber-attacks growing over the coming year.
He sees several trends coming to the fore this year. “There aren’t a great deal of threats that are totally new, but they will definitely be fine-tuned and likely to get more complex and dangerous.”
The Web has become the de facto platform for activists, terrorists, criminals and the dark underworld in general to achieve their nefarious ends; be it making money, disrupting governments or stealing corporate secrets. This year, he says, we will see cyber criminals collaborating with each other more and more, as well as an increase in their technical competency.
“The tools and tricks they use are amazingly innovative and effective. This will only get more so in months to come. My advice to businesses would be to expect the unexpected and prepare for the worst. Ensure that you are resilient and able to weather a high-impact breach or security event,” Campbell-Young points out.
“The growth in cyber crime, rise in hacking for causes or hacktivism, and increasing pressure to have solid governance and compliance in place, combined with the under spending on security and technological genius of threat actors is creating a difficult situation for businesses. Those companies who are focusing on what needs protecting the most will be the best placed to weather a serious breach.”
He says the vast majority of governments have regulations in place to safeguard their citizens’ personal information from corporate negligence or carelessness, and have staunch penalties in place for those companies who let their customers’ data fall into the wrong hands. “I only see regulation tightening this year, due to the slew of breaches we saw in the past year. There will be tightening controls governing how information is collected, stored and used, and more and more severe penalties imposed.”
Another area that will see security efforts focusing on, is the supply chain, he says. “While supply chains and third-party partners are crucial to almost every type of business, companies are becoming aware that they pose a number of serious risks. A lot of confidential and valuable data is shared with partners, and as soon as that information is shared, total control over it is lost.”
“This in turn can lead to its integrity being compromised,” he says. “I predict that third-party providers will be in the security spotlight in 2015, and will be used increasingly as an attack vector, particularly when it comes to the more advanced and targeted attacks out there.”
Businesses of all sizes will be forced to think about the ramifications of their third party partners and suppliers accidentally letting their sensitive data fall into the wrong hands. “We recommend working closely with these partners and ensuring security measures and due diligence is in place, and always enforce the principle of least privilege. A well-structured supply chain information risk assessment approach can give the business a comprehensive, easy to follow approach to minimising risk and limit in fallout in the event of an incident.”
Another trend that was under the spotlight in 2014 and is here to say, is BYO, says Campbell-Young. “BYO – whether device, application, wearable – is here to stay, and while many business have BYO policies in place, those who don’t will need to develop these guidelines ASAP.”
More and more employees are flooding the enterprise with a wave of devices, cloud-based storage, wearables and applications, and this is only going to increase, he says. “As personal devices and suchlike enter the enterprise, so does the attack surface increase, and risks from personal devices being exploited continue to grow.
These risks aren’t only from outside attackers either. In fact mismanagement of the device itself, as well as loss resulting from carelessness, accounts for many major risks to the organisation, not only the exploitation of software vulnerabilities and the deployment of poorly tested, malicious or unreliable business applications.”
The final security trend that Campbell-Young has identified for 2015, is the old insider scourge.
“Companies around the world spend many billions of rands on security measures and protocols, yet do not focus enough on protecting them from the potential dangers within the organisation. An organisation’s greatest asset is its people, and there will be more focus on spending on awareness, and education. Employees will always be an unknown quantity. When it comes to security, they are unpredictable, and businesses must embed information security behaviours at every level of the business.”
