Today cybercrime is a serious business where actually most hackers do not want to be noticed
Graham Welch, EMEA Managing Director, Sourcefire, now a part of CISCO
Each year, about the time the mince pies and festive bunting appear, we begin to see a raft of predictions from companies, analysts and other opinion leaders on what the newest trend businesses and consumers will face in the coming year.
While these certainly grab the attention of the media, seldom do they throw up any huge surprises. Of course you would not expect it any other way, after all, few things arrive unexpectedly or suddenly in the IT world. Fewer still in IT security.
The reality is that cybercriminals are professionals and hacking today is an industrial process that follows the opportunity and the money. There is a direct correlation between the popularity and the pickup of new programmes and applications, and the increase in cyberattacks on those apps and programmes.
After all it is a numbers game. If businesses start to use a certain tool, then it is worth the cybercriminal gangs investing their time to find an exploit and way in via that tool to infiltrate the network and make money. If the application is a specialist one few use, it is unlikely to be worth the criminal’s efforts to exploit it.
Cybercrime today is not like the early days of virus writers and hackers who bragged about their exploits with friends. Today cybercrime is a serious business where actually most hackers do not want to be noticed as the longer they remain hidden in the network and are free to conduct their operations, the more information they can steal and the more money they can make.
So what are the IT business trends we see today that will be driving the cybercriminals activities next year and beyond?
1. Everything is moving to the cloud
While ‘cloud’ is seen as a new trend, for those of us who grew up when William Shatner was Captain James T Kirk, boldly going across the reaches of space, it’s effectively just a new name for the old practice of ‘hosting’ or Software As AService or outsourcing.
Many security companies are taking advantage of the cloud to enhance the effectiveness of their own products and services, but it also creates challenges for the IT department due to loss of governance and concerns about segmentation from other parties in the cloud, to potential data loss and leakage.There are many possible security risks to consider when deploying a cloud-based strategy
2. Mobility is everything
BYOD isanother buzzword, however the proliferation of smartphones and tablets and other employee-owned mobile devices is that they access corporate resources outside of the control of the corporate IT function. This means it can be difficult to identify even basic environmental data for these devices, such as the number and type of devices being used, and the operating systems and applications.
3. Data centre’s rule the world
The data a company hosts in its data centre is very often the crown jewels of that company. By ensuring you have good visibility across the data centre, we can better understand what is happening on the network and effectively take action based on this new information. At the end of the day, better visibility allows for better protection.
4. Android will continue its dominance
There has been a sharp increase in malware designed for mobile platforms and kits are now being sold in the underground market to help hackers target mobile banking. Android devices, in particular, due to the open nature and less stringent security testing are directly in the crosshairs of hackers as threats proliferate and the user-base expands with little thought given to security.
If we believe these are the trends we all recognize, then we can be pretty confident that the cybercriminals will continue to look for routes to target these areas. We know that because they are already.
I can say with some confidence is that the battle between IT security and cybercriminals will continue in 2014 and beyond. Criminals will look at vulnerabilities and other holes in companies’ defences to exploit their network, and security companies will continue to plug those holes and look at new ways to thwart their activities. But what I feel completely confident about predicting for 2014 is that it is increasingly not a question of if you will be attacked, but when.
Most corporate security teams recognize that when it comes to IT security, there is no silver bullet to keep you safe, and it is far better that they plan their corporate networks assuming that they will be compromised at some point, so then it becomes a question of knowing when that happens and containing and repairing the damage to brand and reputation that results.