The issues affecting businesses are similar around the world. The key issues and points of vulnerability are around human engagement – most of it innocently – such as bringing an infected personal mobile device into the corporate network, or clicking on a social media link that looks harmless but hides a Trojan or Worm that will secretly steal data and money and, potentially, remain undetected with severe impact on security of the infected device.
The major cyber-security challenges to businesses through 2015 will come from:
1) Increase in Exploit Kits: Exploit Kits represent the dark but profitable side of cyber-security attacks. Exploit kits comprise malicious programs. They quickly identify and then attack cyber vulnerabilities and spread malware. Exploit kits are created, sold and rented, on the black market. We predict they will be increasingly used because of their ease of deployment (rental model) and ease and speed of infection they deliver. The impact of these attacks will be felt in loss of data, IP, identify theft, financial fraud and theft, as well as in diminished business productivity and continuity. We expect to see exploit kits targeting Windows 8, MAC OS X and mobile devices, particularly Android based, in 2015 as these three targets represent fast-growing segments used by corporates and consumers alike to transact communications, business and commerce.
The growth of malware will continue at an explosive pace. In 2012, Dell SonicWALL identified nearly 16 million unique malware samples through its GRID (Global Response Intelligent Defence system) compared to 13.5 million in year 2011.
2) Increase in mobile cyber-security vulnerability: The adoption of NFC (near field communication) for mobile payment systems makes mobile platforms a very attractive target for financially motivated cybercrimes. The increased use of personal devices because of trends like BYOD (bring your own device) in businesses creates entirely new cyber security issues from loss of company data and IP, financial threat, non-compliance issues to name a few. As social media continues to be adopted universally for personal and business purposes alike, malware will increase dramatically across Facebook, Twitter and Skype in 2015. This triple threat threatens targeted mobile devices at the point of commerce, through their access to corporate networks and through their access to social media channels.
3) Increase in sophistication of cyber-attacks:Last year, we saw cybercriminals abandon older scareware methods such as Fake AV scams and move over to Ransomware scams. Ransomware attacks lock down a computer, device or service and holds all the data hostage or even threatens court action if the user does not pay.
The sophistication and ability to attack and paralyse websites will continue to grow at dramatic pace. For example in 2011, there were 1,596,905 DDoS (distributed denial-of-service attacks) compared to 120,321,372 in 2012.
What steps can business take to protect itself from cyber-attacks?
The most important steps for a business of any size to protect itself from cyber-attacks is to be aware of the most obvious and dangerous variants. Secondly, it is key to educate employees how to recognise and avoid accidentally bringing a virus/malware/trojan into the corporate network. A recent survey by Dell SonicWALL customers shows that 68 percent of all businesses reported that employees cannot identify fraudulent attacks on the corporate network.
Social networks and mobile device interconnectedness are a breeding ground for malware and Internet criminals. Many businesses believe their existing firewalls will protect them from an attack. The reality however, is that old firewalls pose a serious security risk to organisations today. First-generation firewalls technology has become obsolete as it fails to inspect the data payload of network packets circulated by today’s Internet criminals and to protect from attack. To prepare and protect from the massive growth in social media, applications, BYOD and multi-media files flowing through a corporate network, entirely new technology is needed. It is today’s next-generation firewalls that include advanced technology such as application intelligence and control, intrusion prevention, malware protection and SSL inspection at multi-gigabit speeds, scalable to support the highest-performance networks and protect them effectively from the modern threats every user of email or the Internet encounters on a daily basis.
If an organisation does business anywhere on the Internet, it is likely not a question if, but when it will be targeted by cyber criminals. While no protection is ever perfect, there is much that business can do to minimise and deflect the impact of these potential threats. Especially, the IT organisation should closely collaborate with the company leadership to identify vulnerabilities lie, prepare with appropriate countermeasures including advanced high performance, high redundancy network security components and educate employees for the best possible defence and protection of business assets.