Menu
Experts pick the top 5 security threats for 2015

Experts pick the top 5 security threats for 2015

Who could top the Sony hack? Someone will surely try. Experts weigh in on the most likely security exploits for the new year.

Massive, high-profile data breaches pockmarked 2014, culminating in the bizarre events surrounding the hack of Sony Pictures--allegedly by North Korea in retaliation for the politically incorrect stoner comedy The Interview. That's a tough act to follow, but I'm sure 2015 will make an effort.  I spoke with security experts to find out what we have to look forward to.

1. IoT: The Insecurity of Things

The Internet of Things has become an inundation of things. Hundreds of innovative, connected devices have emerged to interact with, track, monitor, and simplify just about every area of our lives. But these technologies typically have access to sensitive, personal information, and they also introduce a wide variety of new security issues for attackers to exploit.

2015 may be the year that IoT takes on a new meaning - the Insecurity of Things. "In previous years the Internet of Things was not a big deal," warns Robert Hansen, VP of WhiteHat Labs for WhiteHat Security, "but we're seeing an increasing number of vulnerabilities in internet capable devices, like TVs, home security systems, automation."

2. Sophisticated DDoS Attacks

Denial-of-service attacks are more of an annoyance than anything else. They don't directly steal your information, or cause any overt harm--they just flood a site or service with so much traffic that it becomes overwhelmed and prevents legitimate users from connecting to it. As many Xbox and PlayStation gamers learned over the holidays, though, DDoS attacks are becoming more advanced, and have a very real impact.

"In 2014, DDoS attacks became much more sophisticated. Though much of the reporting focused on the size of attacks, a more troubling trend was the advancement in attack techniques," stresses Barry Shteiman, director of security strategy for Imperva. He notes that attackers have evolved beyond simple flooding of traffic, and can now morph and adapt based on the defenses in place on the target network.

3. Social Media attacks

Mark Bermingham, director of global B2B marketing at Kaspersky Lab, anticipates a rise in social media and waterholing attacks--compromising a website or service commonly used by the target group in an effort to infect one or more of them, and allow the malware to spread from there. Attackers continue to develop new techniques to exploit social networks. As Bermingham puts it, "Security measures can't overcome stolen credentials and click-throughs to dubious links."

Kevin Epstein, VP of advanced security and governance at Proofpoint, agrees that social media attacks are a serious concern for 2015. In a recent blog post, he notes, "In 2015, Proofpoint expects inappropriate or malicious social media content to grow 400 percent as attackers target enterprise social media accounts to perpetrate confidence schemes, distribute malware, and steal customer data." Greater awareness and vigilance are the best defenses.

4. Mobile Malware

Security experts have been banging the drum about the threat of mobile malware for years. The fact that it hasn't yet materialized in a major attack has eroded the credibility of the claims, though, which means many users don't take it seriously and have let their guard down. The sheer volume of mobile devices, and the prevalence of new mobile malware threats only increase the likelihood that a major mobile malware attack will happen. Will 2015 finally be the year?

Kaspersky's Bermingham said, "As consumers and businesses shift to using mobile devices for a greater percentage of their daily activities, cybercriminals will place a larger emphasis on targeting these platforms--specifically Android and jail-broken IOS devices. Remote find, lock and wipe aren't enough."

5. Third-party Attacks

Cybercriminals generally take the path of least resistance, and they've learned that contractors and other third-party providers can provide an opening into otherwise-secured corporate networks. Major data breaches at retailers like Target and Home Depot occurred because attackers were able to obtain valid network credentials from trusted, third-party providers, and just walk right in.

This vulnerability extends far beyond corporations, though. Steve Durbin, managing director of the Information Security Forum, stresses that everyone needs to consider who has been entrusted to connect to or access sensitive information, and whether those entities or individuals have appropriate security measures in place.

This list is by no means comprehensive or conclusive. The very nature of innovative exploits means that we may be caught off guard by a completely new attack. And you may not be able to do much, personally, to prevent third-party attacks or DDoS attacks. But you can keep all of your hardware, software and services updated, and employ security controls to defend against attacks. There is no substitute for awareness and common sense.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaresonysecurity awarenessSony Pictures2015 predictions

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments