Security trends you should NOT worry about in 2015, and five you should
Along with its latest predictions, which examine the likelihood of common network security prophecies next year, WatchGuard’s security research team also included five security trends NOT worth worrying about in 2015.
“As security professionals we spend a lot of our time looking for trouble and expecting the worst. And in 2014, there were lots of vulnerabilities and threats to be found such as Heartbleed, Regin and Operation Cleaver,” explained Corey Nachreiner, WatchGuard’s director of security strategy and research. “With so much noise in the market, we wanted to help security professionals focus in on what matters the most – and what doesn’t. Hence, five predictions you need to prepare for in 2015, and five you don’t.”
Top five things NOT to worry about:
1. The Internet of everything will NOT bring a rise of machines: Embedded computing devices (IoT or IoE) are everywhere and have security flaws. However, today’s cyber criminals typically don’t just hack for the heck of it. They need motive. There’s not much value to having control of your watch or TV at this point, so we won’t see hackers targeting them directly. For now.
2. Cloud adoption will NOT continue its stratospheric climb in 2015: Between the “Snowden effect” and a number of cloud services leaking data, organizations will be more concerned with where they put sensitive information. This doesn’t mean businesses will stop using the cloud where it makes sense. It just proves that we can’t put everything in the cloud.
3. Passwords will NOT die in 2015, or 2016, or 2017…: When bulk password thefts happen, the passwords are not at fault; rather, the fault lies with the lack of security from the organization maintaining them. A better prediction for next year is that two-factor authentication will become ubiquitous online and passwords will remain as one of those two factors.
4. Secure design will NOT win over innovation: Humanity is known for diving into innovative technology without considering the consequences. In order to invent, and push boundaries, we must take risks. That means security will continue to take a back seat to innovation, and that security professionals will have the tough job of weighing the operational benefits of new technologies against their potential security risks.
5. SDN will have security implications, but NOT for years: You won’t have to worry about Software Defined Network (SDN) security next year, or anytime soon! Despite all the hyperbole, SDN is quite a ways from primetime adoption.
Top five things to worry about:
1. Nation states lock ’n’ load for cyber cold war: Global nations are ratcheting up cyber defense and attack capabilities, quietly launching espionage campaigns against one another, and even stealing industrial intellectual property. Expect to see more cyber espionage incidents next year and hear public perception swaying toward an already-occurring cyber cold war where nation states quietly “demonstrate” cyber capabilities.
2. Malware jumps platforms from desktop to mobile devices – and bites hard: Malware that jumps from traditional operating systems to mobile platforms, or vice versa, is a killer hacking combination but, until now, has not been particularly damaging. In 2015, attackers will find new ways to monetize mobile infections. Expect mobile malware to have more teeth, for example with customized ransomware designed to make your mobile unusable until you pay up.
3. Encryption skyrockets, as do government attempts to break it: Encryption adoption is increasing as fast as governments are petitioning for ways to break encryption for “law enforcement use.” Security pros must continue to leverage encryption whenever possible; fight for the right to retain private, unbreakable encryption; and build networks that support heavy use of encryption without slowing bandwidth and adversely affecting business.
4. Business verticals become new battleground for targeted attacks: How does a cyber-criminal retain the benefits of a targeted attack while still pursuing big victim pools to make lots of money? By targeting business verticals rather than individual organizations. Modern cyber criminals will target businesses of every size as long as they are part of an interesting, profitable business vertical.
5. Understanding hacker motives key to defending: Hackers have gone from mischievous kids exploring, to cyber activists pushing a message, to organized criminals stealing billions in digital assets, to nation states launching long-term espionage campaigns. Knowing the motives and tactics of various actors helps us understand which ones threaten our organization the most, and how they prefer to attack.