Get ready for invited break-ins, malware-ridden apps and spoof attacks
It’s that time of year again when, it seems, every technology vendor suddenly becomes clairvoyant with an insatiable urge to predict the battles we need to arm ourselves against. The cynic in me would suggest that the primary function for imparting these pearls of wisdom is to sow a seed that grows into sales for a particular technology. With that in mind, here are my top predictions for the coming months.
First on my list of predictions: The aforementioned self-promoting vendors will be compelled to compare me to a pot fixated on certain coal-colored kettles, if you catch my drift. I will retaliate by stating that my predictions are based on “real’ trends that I see in the security arena and not just meant to allow me to sell more of my boxes. $10 says we don’t even get into the New Year before this particular prediction bears fruit!
Ok, enough frivolity already – security is a serious subject, so time for some proper insights!
Rise in invited break-ins
It’s been alluded to for years but our devices are under attack. I predict that 2013 will see a surge in compromised computers. There are a number of ways that this will happen:
a) The patient criminal
Social media has proved hugely popular and many of us now follow our friends and colleagues’ antics through a montage of tweets, status updates and profile changes. And it’s not just the average Joe on the street who has switched on to Social Media; criminals are also using these networking sites to practice their craft – for example, Dorkbot hit Skype in October and combined ransomware with social media targeting by delivering clickable messages to users on behalf of their connections. Take this a step further and I believe the threat could come from a wolf in sheep’s clothing – the criminal in disguise.
Imagine a Twitter feed purporting to be from a respected, but relatively new, guru on the block. His LinkedIn profile looks legitimate with a number of credible positions under his belt. After a few months the account has risen from X00s to X0,000s of followers all hanging on his every word. On the face of it this person is not just trusted but obviously has his finger on the pulse. One day he issues a warning that there is a serious security flaw in a popular operating system. Suggesting a patch will be too late, many trust the link he publishes and clamour to download the code that will mitigate the threat. But what if it’s all part of an elaborate deception and, instead of a protective blanket, you’re cut to shreds in razor wire?
b) The deadly app
To date, many app vendors (Google, Microsoft, Apple etc.) have managed to retain control of their own stores. I think that, with everyone and his son now writing apps, some stores may struggle to vet every single program offered and remain timely. For that reason, it’s inevitable that a virulently malevolent code will infiltrate these marketplaces. With some programs, once they’ve been installed on a user’s PC, they are able to automatically install on all of the users linked devices. And it doesn’t mean that the user will be instantly aware that malware has been installed, as it could lie dormant waiting to be exploited when the time is right. Of course, it will depend on the program, but the right code could take advantage of a user’s apathy and abuse any stored credentials and automatic fills for various online accounts. What about a smartphone that is then used to dial premium rate numbers!
Let’s get mission-critical
With a depressed economy many organisations are looking for the miracle technology that will help them speed innovation, increase agility and improve financial management. Cloud has been touted as the very “miracle’ we’ve all been searching for – but insecurities have prevented many from taking the final leap. I think that could change. In 2013 I foresee out-of-the-box cloud infrastructures continuing to provide mission-critical, next-generation platforms for businesses providing a solution-driven all-in-one security environment for those companies looking for best-in-class protection. Notice anything awkward about the previous sentence?
While we’re on the subject of Cloud computing, compliance will be a big business driver. While many condemn legislation, it can sometimes be the necessary evil. My opinion is that, in this case, it will provide both large and small companies with a better approach to the BYOD problem.
In the last few years we’ve seen a number of high profile governments pointing the finger at each other with accusations of state sponsored spying. I think these “occasional’ rumblings about Government-sponsored site crawling searching for threats disguised behind the clever but criminal use of technology will increase. While I’m not sure which side of the fence I sit on when it comes to this kind of government cyber-sleuthing, what I do applaud is that it will raise public awareness of these and similar dangers lurking in cyber-space.
If the economy continues to sag–and I don’t need a crystal ball to predict that it’s highly likely to–then targeted crime will continue. Unfortunately, it is the end user that makes the easiest target for phishing and malware scams. I think we need to prepare for some creative campaigns — people selling items that they don’t have to steal money. With what I’ve learned over the years, if I were struggling to feed myself and lacked morals, I could think of a variety of colourful campaigns that I could launch against the less tech savvy.
A new buzzword is born (or will be)
Acronyms and buzzwords litter the technology arena, particularly in correlation with enterprise risks. For example, APT – or advanced persistent threats, caused many to quiver with fear resulting in numerous consultancy projects and clueless organisations investing heavily in a myriad of defences. In the last few years, the budgets allocated to thwart APT have dwindled. What’s needed is a new scary acronym for specialists to band about – how about NBM’s (no boundary menaces) or perhaps AEK’s (axis of evil kamikazes). While you may laugh, I’d bet at this very moment a marketing genius somewhere is busily working his way through the thesaurus to come up with the NBT (next big threat).
Each year predictions are made, and warnings issued, in preparation for another twelve months. Yet, year after year, we still find ourselves surprised when attacked and more unprepared than we thought we were. We’ve all learnt to be streetwise to keep ourselves safe in the real world, yet we leave that astuteness behind when interacting virtually. In 2013 I urge everyone to think before they click – my rule of thumb for even the most basic users – if you don’t trust it, don’t do it.
Oh, and if you really want a set of predictions that will help you, look at some 10 year old “biggest real threat wrap-up” and put the recommendations into play.