2014 has witnessed a significant increase in reported cyber hacks and related financial losses either due to prosecution, loss of reputation and even job loss due to non reaction to an event.
Attacks have become more sophisticated with the frightening revelations of some being persistent and carried out over many months. This begs the question: are individuals within organisations taking these threats seriously or are they not empowered to act?
2015 will undoubtedly see a further escalation of cyber attacks. Here are Tankard’s top ten tips to watch out for in 2015.
1. Limiting access to sensitive servers will become more of a necessity than a ‘nice to have’. You can’t hack what you can’t see.
2. Security awareness training for all staff will dramatically increase in order to improve areas such as password creation – organisations must somehow ensure that employees stop using ‘password’ or ‘12345’!
3. Tighter access control, especially for privileged accounts, will become a necessity. Many seemingly insider threats are caused by external individuals hijacking high-level credentials.
4. The EU Data Protection Regulation will finally be passed. Implications for data sovereignty will impact choice such as jurisdiction for data storage, especially in the cloud. This means self control or separation of key management of encryption keys will become imperative.
5. Actionable intelligence will become more of a buzzword. This will lead to investment in security intelligence platforms to provide non-repudiation of digital evidence – even for voice calls.
6. Continuous monitoring will be hot, as detecting threats will take over from merely trying to prevent them.
7. More automation in incident response, especially for attacks/incidents with clear escalation paths.
8. With the increase in uncontrolled development and downloading of applications for smart phones there will be a significant increase in rouge malware that will exploit both the data held on the platform or use the platform to make, for example, outbound premium rate calls or visit illegal websites.
9. Smart devices in the home will be targeted – smart means exploitable!
10. Santa in Christmas 2015 will not deliver by sleigh anymore and will outsource to Amazon drones!