The black market continues to grow and mature
According to a study from the RAND Corporation and Juniper Networks, hacker black markets have reached a significant level of maturity. In 2015, we are likely to see the continued expansion and maturity of hacker black markets. Fueled by the continued vulnerability of point of sale systems and an influx of cloud services, the market opportunity for economically motivated attackers will continue to grow. The hacker black market is similar to a thriving metropolitan city with diverse communities, industries and interactions. Researchers found that different geographic regions and nations tend to specialize in different types of attacks. China is thought to lead in IP exfiltration, Vietnam focuses on e-commerce, whereas Eastern Europe exploits concentrate on financial institutions. Cybercriminals from China, Latin America and Eastern Europe are typically known for quantity in malware attacks, while those from Russia tend to be more sophisticated.
We are likely to see new hacking tools and exploit kits being developed to exploit vulnerabilities in computer systems. Further, despite crackdowns on darkweb sites like Silk Road by the FBI and other law enforcement, new markets will quickly open to take their place to meet the significant demand for stolen records and other illicit goods. There will likely continue to be a significant supply of credit card and other online credentials being sold on the black market driven by mega breaches at major cloud providers and retailers.
Data science spreads to security
With the continued focus of the industry on providing better and more actionable threat intelligence, we are likely to see a rise in demand of data scientists in security. While already in high demand in other fields, the need for data scientists capable of making more accurate and effective colorations of threat data will increase. The companies capable of best applying data science to security will find competitive differentiation in the marketplace by being able to deliver more reliable and useful intelligence about attacks and attackers.
Securing the Internet of Everything
As more devices are connected to the internet, we are likely to see attackers follow as the potential for attacks to increases. The Internet of Everything means that many companies that haven't traditionally had to worry about software security now need be responsible for it. The potential consequences could be significant. The ability for an attacker to remotely control medical devices, cars, thermostats and other physical systems creates a significant threat to society. It will be incumbent on companies developing these technologies to focus on security in the development process, as well as develop ways to quickly patch systems when problems are found. If not, the potential for software hacks impacting critical physical environments and systems will increase significantly.
Sign up for CIO Asia eNewsletters.