Here’s a word of advice for IT staffers everywhere who are responsible for network security: Duck. The next year is shaping up as a doozy.
That’s according to the big-brained folks at Websense Security Labs, the cyber-security think tank arm of web security company Websense.
The group says big-league hackers and malicious nation-states might not be quite as active in the year ahead as they were this year, at least in terms of the volume of malware attacks they launch. But it’s a good bet that they will home in more intently and accurately on key targets on private networks and private clouds.
Indeed, while most IT staffs and IT managed services responsible for securing enterprise networks will remember 2013 for the record volume of major attacks, Charles Renert, Websense’s vice president of security research, says the more important – and worrisome – development this year has been that many of the big, world-class hacking operations advanced their skills from mere professional tradecraft to “art form” status.
“In 2014, cyber attacks will be even more complex and diverse,” he said. And while the overall volume of attacks may drop a bit, “we predict the volume of targeted attacks and data destruction incidents will increase.”
Thus, corporate network security managers at companies large and small cannot afford to rest on the false assumption that they survived the biggest cyber war ever in 2013 and are now ready to defeat whatever the IT crooks throw at them in the future. Renert – and other cyber-security experts – are making a number of important points for data and network security officers. We’ll tackle all nine points over the course of two blog posts.
Their message ought to make C-level executives whose companies rely on data security sit up and take notice, or at least ask some tough questions about IT security as it relates to you.
- Malware attack volume likely will decrease in 2014. That’s really good news because the frenetic onslaught this year reached historic levels. But that’s not to say the volume of attacks next year will be inconsequential. Websense says new malware entering the global computing environment has begun to decline, mainly because high-volume attacks are more likely to be detected and those behind them more likely to be caught. But this is a gentle downward-sloping trend, not a dramatic falling-off-the-table decrease.
- Malware attacks in 2014 are likely to be the most sophisticated ever. The trend among cyber-thugs is more of a refocusing of efforts on high-intensity targeted attacks. Their goal is to more effectively establish their nasty programs inside fewer, but more high-value corporate – or government – networks or cloud environments. Once fully established inside such networks and/or clouds, the malware can acquire various user credentials and penetrate multiple security barriers to access the most valuable data. Thus, while cyber-attack volume likely will decline in 2014, the advanced nature of many attacks next year will actually heighten, not lower, most companies’ data and financial risk.
- Data theft will remain a major objective, but data destruction is rising rapidly as a goal. Most of us assume that cyber-criminals are out to “steal” data because that’s the most obvious way they can make money. A single set of stolen credit card account data is worth about $20 on the black market, so a million such sets of data are worth $20 million. But more and more the goal of hackers isn’t so much to steal data as it is to destroy it – or to threaten to destroy it if not paid a ransom. Private, for-profit hackers are increasingly bold in launching such attacks. But they’re not alone. Thanks to several widely reported incidents over the past few years, it now is widely understood that a number of nations have built significant hacking operations. Those are used to destabilize markets in which those nations seek to win market share, to disrupt commerce in countries they view as rivals or enemies, or to destroy their rivals’ key R&D or intelligence data. Such attacks are aimed not only at government-run networks, but also at networks and clouds of companies based in targeted nations (especially the United States) and those active in targeted fields like finance, technology, international trade and defense. If your company fits into any of those categories, it is wise to assume your networks and/or clouds are targets of nations seeking to destroy data as much as or more than they’re targets of those seeking to steal data.
- “Offensive” responses aimed at the hackers inevitably will create collateral damage. As in real war, the best defense is often a good offense. So as companies and government get more comfortable with that idea, they will be launching more offensive malware attacks designed to disrupt hackers’ own networks and put them on their heels. But as with offensives in real guns-and-bombs warfare, some innocent bystanders – in this case, corporate and institutional networks – are likely to take some potentially crippling hits because of their proximity – physical or transactional – to the bad guys.
In our next post, we’ll address concerns for the security of cloud data, ongoing worries about Java and which criminal organizations are expected to cause havoc in 2014.