CyberArk, the company that protects organisations from cyber attacks that have made their way inside the network perimeter, has outlined its security predictions for 2015. They are as follows:
Sony is not an anomaly
In terms that Sony is being called out for in terms of poor security are very common across enterprises. The prevalence of poor password policies is mindboggling - CyberArk sees this all the time when we meet with prospective customers at large Global 2000 enterprises. Unknown/undiscovered service accounts, privileged passwords that have not been changed in as many as 25 years! Exploitation of privileges allowing attackers undiscovered on a network for months/years.
Reign of the insider threat
The insider threat is expected to take centre stage, with greater sophistication, in the security landscape in 2015 as they have proven to be the quickest way to breach networks and steal data. Rogue employees today not alone collaborate with external cybercriminals and are armed with sophisticated technologies. Organisations will start to be more aware that insider threats cost more than being breached by an external attacker, and continue to invest more in behaviour indicators and classifying data and monitoring access.
The Kevin Bacon effect of Remote Access
The 'six degrees' that separate attackers from your IP / data often include a vendor with access to your systems or other remote access. Threat investigators have traced attacks to non-traditional targets such trucking companies and all types of professional services firms, from management consultants and auditors to litigation attorneys, frequently as a key step in an attack on a business partner. Our research shows 60 per cent of businesses now allow third-party vendors remote access to their internal networks. Of this group, 58 per cent of organisations have no confidence that third-party vendors are securing and monitoring privileged access to their network.
The Internet of Things (IoT) in enterprises
In 2015, enterprises will start to adopt devices that communicate with each other, giving rise to the Internet of Things (IoT). According to Gartner, 4.9 billion connected things will be in use next year, an increase of 30 per cent from 2014. Security issues surround IoT will also gain traction due to the fact that these devices are not inherently secure which could potentially lead to device hacks or data leakages. Organisations will increasingly be concerned with who manages and operates these devices, and technology approaches to manage the security and risk of IoT.
The emergence of more severe banking threats
Malware targeting the banking industry is expected to be more advanced in 2015. Other than the usual phishing and social engineering attacks, banking malware used by cybercriminals are expected to be stealthier, being able to hide on networks, targeting privileged accounts. They will also have capabilities such as being able to steal users' credentials, along with harvesting data to send back to command-and-control systems used by cybercriminals. This will prompt enterprises to invest is safeguarding and restricting access to data on networks.
Sign up for CIO Asia eNewsletters.