Top security trends for 2015

Malvertising and exploitation of legacy protocols are some of the trends to impact security in 2015, says Cyberoam.

---

The Internet of things (IOT), geo-political interferences, attacks on iOS and newer authentication methods replacing traditional passwords are some of the trends Cyberoam believes will impact businesses in 2015.

Apart from these, the vendor expects many more probable trends in the coming year, both from the IT and security landscape.

These are Cyberoam's eight security predictions for 2015:

IOT will gain wider visibility due to its advancements as well as vulnerabilities. As supervisory control and data acquisition (Scada) systems adopt IOT, their exposure to cyber threats will increase. Remotely connected and automated building control systems face a similar challenge. Around 2.2 million Scada and BACnet devices are already exposed to potential cyber threats as these are identifiable via Shodan - a search engine for Internet-connected devices.

The geopolitical landscape is changing dramatically around the world, and the Internet cannot remain insulated from its effects; in fact, the Internet has become a critical tool for government-sponsored propagandas, espionage and cyber attacks. APT malware, sometimes used in these campaigns, grossly undermine legal boundaries. Such malware was found waiting to be activated in networks of oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants in the US. In such cases, large private businesses also come in the line of fire every now and then.

If conditions deteriorate, there will be a larger impetus on cyber attacks from the nations involved, some of which could be revealed during the year.

Poodle, Shellshock and Heartbleed are examples of vulnerabilities in code which sit hidden for years before being discovered and exploited. The legacy protocols on which the Internet seems to run so well are far from perfect, and cyber criminals will continue to exploit the loopholes to their advantage. Some of these protocols, being open source, face a larger threat.

Moreover, as the Internet makes transition from IPv4 to IPv6, cyber criminals will hunt for latent security gaps. In addition to the vulnerabilities in Web browsers, business should also expect client-side attacks exploiting application vulnerabilities in widely-used frameworks like Adobe and Java, thereby aggravating network security challenges for IT administrators.

Given that the healthcare sector is making rapid strides globally in embracing technology and digitising patient care along with storing personally-identifiable information, there is a need to strengthen information security.

Malvertising is likely to become more of a nuisance in 2015 - the old tactics of crafting fraudulent mails around major global or local events is still profitable for spammers. 2015 will not be any different in this regard, though companies can expect to see some newer tricks for evading current e-mail security solutions.

Networks these days generate huge amounts of data. This data contains enough cues to offer patterns of human behaviour that can be used to predict and prevent cyber attacks. However, comprehending and co-relating data out of various logs and reports to get meaningful information, requires time and skills. In 2015, employing the advancements in big data analytics solutions will prominently be employed by organisations seeking actionable security intelligence.

Mobile malwares will make a major impact in 2015, as more people are using handheld devices to access critical business data from cloud - not just for banking and payments. The new Android OS, Lollipop, will be put to test. At the same time, as enterprises embrace Apple apps and the use of iOS-based devices grows, these are getting on the radar of cyber criminals. Recent trends suggest iOS will get hit by phishing attacks and malwares on a larger scale in 2015 than ever before.

The quest for replacing "password" as an authentication procedure will gain momentum. However, scaling up biometric authentication techniques like fingerprint scanning is a big challenge. A major push to move away from passwords is likely to make hackers more than just shift in their seats.