IoT, APTs and personalised threats amongst top concerns
Boutique internet security distributor, Hemisphere Technologies, spoke with its vendors and security specialists to talk about some of the biggest security threats businesses will be facing as we move into 2016. From the Internet of Things to personalised threats and cyber security training, here are the top seven security predictions from Hemisphere and its vendors:
- The Internet of Things Vishal Jadhav, Technical & Pre-sales Services, Hemisphere Technologies There’s been a lot of hype about the Internet of Things (IoT) becoming the next big security threat and for good reason. The sheer number of devices we have that connect to the internet, from smart watches to whitegoods to TVs and even cars, will only increase in 2016. And these devices are all vulnerable to attack. The reason is because most of these devices have been designed with the ease of functionality for the user in mind, with security often neglected. In order to ensure IoT security it will be imperative to secure these devices at the development stage. A baked-in security approach is the best solution to solve the vulnerabilities of any product or software being developed – this is the only way we can help lower the risk of the Internet of Things.
- Personalised threats Ronald Gange, Technical and Presales Services, Hemisphere Technologies Threats are going to become even more personal in 2016. Increasingly, cybercriminals will shift their focus away from targeting businesses with credit card information and broadening their net to targeting organisations with sensitive customer information. Once obtained, sensitive customer information will be used for ransom or selling to criminal organisations – the Ashley Madison breach is a prime example of just how badly individuals can be affected following a data breach. Given this change in focus, businesses will have to prove they’ve taken due care in protecting their customers’ personal data to avoid class action lawsuits. PCI-DSS protects card data, which is covered by insurance, however damage to personal wellbeing and families is at stake in this new type of cybercrime, and there is no insurance to cover that. To limit the damage of such breaches, attacks need to be detected and dealt with in a timely manner. More importantly, businesses will need to implement a holistic set of security controls to detect breaches, eliminate threats and prevent the exfiltration of data.
- Increased security investment for SMBs Javaad Malik, AlienVault Security Advocate, AlienVault, Inc. As breaches continue to dominate the headlines, smaller companies are becoming increasingly aware of the impact breaches can have. From a digital perspective, no company is considered ‘too small’ and even young companies with limited resources can be targeted. This can be either for the data they hold or so that they can be used as a conduit to attack a larger company. Small businesses can no longer make do with basic security solutions. Moving into 2016, SMBs will need to focus on security and start allocating sufficient resources to ensure that their business networks and customer data are protected.
- Advanced persistent threats (APTs) Stefania Cosimi, Marketing & Communication Manager, Endian Advanced persistent threats (APTs) are becoming more diffused and dangerous every day, and will be a huge cause for concern in 2016. The reason APTs will continue to be amongst the biggest problems is that they’re adaptive, smart and can in a sense “transform themselves” during attacks, making it impossible to develop a defence as quickly as the APTs evolve. To fight APTs we need to change our defensive approach; to develop a solution able to recognise a potential malware by excluding that it is “goodware”. A solution needs to be developed which is able to change as the APT does, designed as a multi-layer defence that can find and destroy the threat in different points of the network.
- Cyber-criminals to drop the A and P from APTs Andrew Mamonitis, Managing Director, Kaspersky Lab ANZ In 2016, advanced persistent threat actors may drop the A and the P from their threats. We expect to see a decrease in the emphasis on persistence, to reduce the traces left on an infected system. The merger of cybercrime and APT has emboldened cybercriminals who have transitioned to going after the financial institutions themselves. In that vein, we expect cybercriminals to set their sights on novelties like alternate payment systems and stock exchanges. We expect the success of Ransomware to not only continue, but to also spread into other platforms with the more desirable target platform OS X, because of the ‘Mac prices’.
- Cyber security training John Andrews, Director, Strategic Alliances and Channels EMEAPAC, BeyondTrust 2016 will be the year of skilling and training expenditure in cyber security in Australia. With the Prime Minister Malcolm Turnbull having laid down the foundations for cyber security investment, as well as industry leadership from the likes of BAE Systems who has released a cyber security apprenticeship program, we will see the start of long term skilling and value given to cyber security personnel. Other industry training initiatives from the likes of ISACA who have released the Cyber Security (CSX) accreditation and various other information security courses will be sold to capacity as Australian organisations finally move away from the “it won’t happen to me” mentality.
- Security in depth John Andrews, Director, Strategic Alliances and Channels EMEAPAC, BeyondTrust Australian businesses will be returning to a “security in depth” approach that will look at integration points between traditionally separate controls. For example, organisations will look to connect vulnerability threat intelligence to privileged account and identity information. In the last two years, major breaches have all been due to a vulnerability that led to a privileged account being stolen. Integration points (even with competitive technologies) will be highly valued. Technologies that hook up with SIEM, UTM or other management interfaces will be highly prized. 2016 will be a year of change, but will ultimately lead to the incredibly important work that Australia must do as a country to catch up with the cyber security maturity of other developed countries.
Hemisphere Technologies is a boutique Information Security Solutions distributor based in Australia and New Zealand. It specialises in the supply of Corporate and Consumer IT Solutions for the world-leading vendors Kaspersky Lab, BeyondTrust, AlienVault, Endian, Egility and MailGuard throughout the Asia Pacific Region.