While organizations and nations are constantly looking for ways to protect and safeguard information, cyber criminals are persistently looking for means to exploit vulnerabilities and evade security controls. But what 2014 holds for information security is for us to wait and watch. However, here are some trends that can be expected in the IT security front in 2014:
- Mobile security in general will continue to be a hot topic in 2014. With the rise in the number of people using Smartphones in 2014, we will see a big rise in mobile security awareness among developers as well as the number of mobile threats and malwares. Android malware will get more and more complex and will seeks out new targets. Mobile Developers realized the fact that their applications are not secure enough as part of the precautions we can expect that security features in the Android platform which will make a positive change in infection rates over time, their adoption will be slow, leaving most users exposed to simple social engineering attacks hence Cybercriminals will continue to explore new avenues for Android malware monetization.
- Data security on cloud will be a major concern. Attacks on corporate and personal data in the cloud expected to increase in 2014. As businesses increasingly rely on various cloud services for managing their customer data, internal project plans and financial assets, we can expect to see an emergence of attacks targeting endpoints, mobile devices and credentials as means to gaining access to corporate or personal clouds.
- Legacy systems may cause further concerns. Time and again, IT failures in banks and other high profile companies have highlighted the fact that legacy systems that are old and out of date are increasingly becoming impossible to maintain because of the lack of skills and people required, to maintain them securely. So 2014 is likely to witness hackers going after these legacy systems, trying to exploit the vulnerabilities in them.
- DDoS Attacks will be harder to detect. Security researchers expect DDoS attacks to become sneakier, as they go from simple volumetric attacks to those that take advantage of a site’s specific performance characteristics. So it is likely that we will begin to witness the spread of tools which target specific profiles. As a result, DDoS attacks will be seen making a bigger impact.
- Insider Threats will continue to be a cause for worry. A survey conducted by CyberSecurity Watch revealed that insiders were the cause for 21 percent of security breaches, and another 21 percent breaches could have resulted from the actions of insiders. So insider attacks are becoming harder to detect and prevent. Although most insider attacks are caused by malicious, disgruntled/former employees, many are also caused by employee negligence. And with BYOD programs becoming more common, 2014 may see an increase in insider threats.
- Data Encryption will gain renewed importance. More and more companies are realizing the fact that their data can be protected only through proper encryption. Hence many organizations will be seen dedicating more focus on encryption, and particular attention will be given to cryptographic block modes like CBC and OFB.
- State-Sponsored Malware will be more common. Stuxnets, widely attributed to the US and Israel, have proven to be much more advanced and effective than anything hackers can develop. Hence more of these attacks can be expected in 2014 from a number of countries, and if they already exist, their presence will be more apparent this year.
So organizations should prep-up their security initiatives and defend their systems with the best of security measures that can tackle attacks of any nature, thwart attempts to bypass controls, protect their data from being invaded, and look forward to a more secure year.