New Delhi, Nov 27: Security analysts called 2013 the year of the mega breach, and severe vulnerabilities such as Heartbleed and Shellshock in 2014 showed that the security community can never rest on its laurels.
According to Symantec, all indications are that 2015 will bring more of the same, with the struggle between those wishing to create new threats and exploit vulnerabilities and those looking to protect against them likely to intensify.
Advancements in the Internet of Things also means consumers will have increased connectivity across their devices, gadgets and machines – and with this connectivity comes the potential for a whole new range of security risks.
Will the Internet of Things usher in a new wave of security attacks? As countries move towards their smart nation master plans, what role will Big Data play? What’s next in the mobile security space?
Symantec’s APJ security predictions for 2015 takes a look at issues that will affect individual consumers, businesses and governments in the region:
Attacks on the Internet of Things (IoT) will focus on smart home automation: With smart home automation gaining popularity amongst consumers across Asia Pacific and Japan, Symantec anticipates that commoditized “plug and play” consumer devices such as CCTV cameras and remote access controls for alarms, lighting and climate control will be exploited by cybercriminals.
While the embedded and small devices continue to become more prevalent, unfortunately not many of these devices are deployed with internet security in mind. These devices tend to have limited memory and system resources and do not have the computing power of a typical desktop.
Mobile devices will become even more attractive targets: Mobile devices will continue to become a target for cyber attackers especially when mobile devices store up a trove of personal and confidential information and are left switched on all the time, making them the perfect targets for attackers. Mobile devices will become even more valuable as mobile carriers and retail stores transition to mobile payments.
Machine learning will be a game changer in the fight against cybercrime: A new generation of business platforms is emerging from the convergence of machine learning and big data and it will be a game changer in cybersecurity. Machine learning is a form of deep learning that may be considered as the first step in artificial intelligence. There is a critical need to stay “proactive” against threats, instead of reacting to them and machine learning will help security vendors stay one step ahead of cybercriminals. The ability for machine learning to predict cyberattacks will improve detection rates and may just be the key that reverses the trend on cybercrime.
Privacy will continue to be sacrificed for mobile apps: Sanjay Rohatgi, President- Sales, India, Symantec said, “We believe that some mobile users will continue to trade their privacy in exchange for mobile apps. While many Internet users are reluctant to share banking and personal identifiable information online, others are willing to share information about their location, and mobile device battery life as well as allow access to photos, contact lists and fitness information, all in exchange for mobile apps.”
Scammers will continue to run profitable ransomware scams: According to Symantec’s Internet Security Threat Report, ransomware attacks grew by 500 percent and turned vicious in the latter part of 2013. This growth was largely due to the success of Ransomcrypt, commonly known as Cryptolocker.
The prominent data leaks of 2014 will keep cybersecurity in the spotlight in 2015:With the interconnected nature of a global internet and cloud infrastructures, cross-border flow of data is unavoidable and needs to be appropriately addressed. 2015 will see the evolution of the Personal Data Protection Act, especially in the Asia Pacific region as it makes a real impact in people’s lives, towards ensuring that individuals and organisations have the right mindset with regards to online security and cybercrime prevention.
Distributed denial-of-service (DDoS) will continue to rise as a threat: Yet another trend seen in 2014 is the increase in Unix servers being compromised and their high bandwidth being used in DDoS attacks. The motivation of the attacker can vary widely, with hacktivism, profit, and disputes being the main reasons. Considering the ease of conducting large DDoS attacks, Symantec expects that the DDoS growth trend will continue in the future. The likelihood of being targeted by short but intensive DDoS attacks is rising.
User behaviour will take centre stage as security moves beyond passwords: With the password system constantly under attack by cybercriminals, security vendors and providers are facing increasing challenges on ways to balance the need for convenience against complexity while providing users with the seamless experience that they demand. Adopting multi-factor authentication techniques such as one-time passwords or iris and fingerprint scanning may provide alternate safeguard methods, but at times they may not be the safest options. The true solution to protecting valuable information lies in users’ behaviour, which is ultimately how we can prevent our personal online assets and identities from being compromised.
The Cloud will take us to Infinity and Beyond: In 2015, we expect to see more and more data hosted in the cloud but as this move occurs, businesses will need to take a closer look at data governance and ensuring their data is cleaned before it is hosted in the cloud. Legacy data left unmanaged will continue to accumulate and present a persistent challenge for businesses. For consumers, the cloud in 2015 represents an infinite amount of personal information being hosted remotely and debate around the right to access, control, and protect private data in the cloud will continue to escalate.
The front lines of cybersecurity will be strengthened by closer industry partnerships and collaborations: The fight against cybercrime cannot be won alone and the security industry together with telecommunication providers and governments from around the world are joining forces to beat the war on cybercrime. The security industry is one of few in the world that has a ‘nemesis industry’ constantly working against it to bring it down. That’s why beating the war on cybercrime requires a different approach.