In 2012, we saw some of the worst online security snafus and attacks. With the increase in cyber espionage for personal and enterprise data in the form of DDoS attacks, cloud outages, and hacker attacks, and according to the latest predictions by IT security companies, PC users will still remain the biggest target for malicious attacks. Mobile devices, including tablets, will also be targeted. On the enterprise front, be it cloud, virtual or physical, securing enterprise network is going to harder than before. Network advancements and environment changes will make it complex and hard to monitor everything that’s hooked to the network.
The following summarize predictions made by security organizations about cybercrime in 2013:
• BYOD will add complexity. According to McAfee, more users will bring their own devices for work and mobile devices will become common in the work place. All these new devices will make the IT environment complex and difficult to monitor.
• The Dropbox hack which caused data breaches will continue to persist both in the cloud and the physical data center.
• Malware will evolve in sophistication of usage and deployment. McAfee indicates it will become difficult to monitor malware and spams - for example, the “It’s you on photo” spam that affected Twitter users leading them to visit a “.ru” spam site.
• The cost of securing the network will increase steeply. IT organizations will spend budget to upgrade network software and equipment for sophisticated tooling which will be required to combat these new threats. Organizations will need to deploy additional administrators to effectively perform monitoring across different attributes across network, system and virtual environments. Software for SIEM solutions, VM/Cloud monitoring, end user activity monitoring will be required as a pro-active threat mitigation measure.
• Personal and enterprise data will become a target for hackers to avenge a communal, political or personal vendetta.
• With the increase in usage of mobile and cloud technology, new IT standards will be mandated like the new PCI DSS compliance standard for mobile payment processing. It is also likely existing compliance rules will be made stricter to enforce compliance.
• According to Trend Micro’s 2013 forecast, the Windows 8 product line-up will be targeted by most hackers.
The secret mantra behind any secure IT enterprise is “being pro-active rather being re active.” So if, the worst is about to strike, let us be prepared for it:
• Use simple but effective methods and use SIEM software to monitor all IT resources including servers, user devices and network devices.
• Proper assignment of resources, both virtual or physical, will enhance performance and will reduce the pain of monitoring unsolicited devices
• Software vulnerabilities should be patched regularly with an automated patch management tool.
• Providing guidelines and educate end-users about network safety, malware, data theft, and spam using internal campaigns and programs.
Threats will always continue to exist. Though we cannot predict every threat, we can increase awareness among users and adopt more prudent security measures to protect users and data.