If you thought 2013 was a tough year for warding off cyber-attacks, you ain’t seen nothin’ yet.
That’s the message from cyber-security experts, including those at Websense Security Labs, the cyber-security think tank arm of web security company Websense. Big-league hackers and malicious nation states are shifting away from a high-volume attack strategy aimed at overwhelming thousands upon thousands of private and government networks and clouds. Instead, their new approach is to focus highly advanced malware attacks on fewer, but more strategically important private networks and private clouds.
That doesn’t mean small and midsize companies, or any company that believes it is not a prime candidate for such attacks, can let their guard down. There will continue to be lots of conventional, even unsophisticated cyber-attacks launched in 2014, just not as many, according to the experts’ projections.
In our previous blog post, we outlined some of the big trends that the experts are predicting for 2014, based on tracking data they’re already starting to see this fall.
The most sophisticated cyber-criminals are subtly – or even not-so-subtly – shifting away from high-volume attack strategies because those kinds of broad attacks are easier to detect and more likely to lead to the hacker or hacker organization being caught. More sophisticated, narrowly cast cyber-attacks are harder to detect and defend against, and that reduces the hacker’s risk. Unfortunately, it also raises the level of risk for targeted companies.
Here are some additional key points that IT security teams and IT managed services partners should be aware of as they plan their defenses for 2014. C-Suite executives should be asking questions now about whether their teams and partners are ready.
- Hackers will become more interested in cloud data than network data. This shift follows the movement of more critical data storage from networks to private clouds. Whether the cloud is an inherently more or less secure place for storing data than a server-based network is an argument that could continue for years. (Read our discussion that touched on the cloud security issue here.) But e-criminals are just following the money, which is what data represents to them. If the biggest collection of your high-value data is still stored on your network, rather than in the cloud, your biggest risk will be on the network side.
- Brace for a bloody and expensive turf war for supremacy in the global malware world. No one wants to live on turf that’s being fought over by two rival gangs. But if you’re managing data and network security of just about any company or institution in 2014, that’s exactly where you’ll be. “Paunch,” the Internet nom-de-guerre of the criminal who wrote the dominant malware code known as the “Blackhole Exploit Kit,” was arrested in Europe in October. Blackhole, which various criminal groups rented for reportedly huge sums of money, will still be in use. But with Paunch locked up, a couple of other exploit kits known as “Redkit” and “Neutrino” are expected to fight it out for market leadership, kind of like Coke vs. Pepsi, only with more serious implications.
- Java will be more vulnerable than ever. There’s a good reason why more IT experts are pushing alternatives to Java. Java’s early success in getting programmers onboard made it near-ubiquitous on business networks and computers. But that ubiquity led to it becoming one of the most widely targeted programs around. Older versions still heavily used by small and midsize businesses remain especially vulnerable. Even if super-hackers yawn at “simple” Java-focused malware attacks, there are thousands and thousands of other less-talented but still-dangerous hackers who will gladly continue exploiting Java to make money. Multi-stage attacks will become more common as a way of defeating basic defenses.
- Social media will continue to be a major avenue by which malware will infiltrate corporate networks and clouds. Executives, financial managers, and tech professionals following all the IT security best practices will continue to engage with others on social media, just as they will continue to engage with others via the telephone and text. And their social media activities will continue to be exploited by cyber criminals. In fact, social media will likely become a bigger problem as sophisticated hackers of both the commercial and nation state variety exploit the inherent vulnerabilities related to smart phone-based and work computer-based social media activity to gather intelligence and compromise networks.
- Hackers will target the growing legion of consultants, vendors, contractors and outsourced workers. In many cases, the weakest link in the chain of custody of data is the one between the company’s networks and those people working largely outside the company’s networks on projects that depend on data transferred to/from those networks. It’s like bank robbers striking at the moment bags of cash are being transferred from the armored car to the bank vault. Companies need to be sure their policies and practices include active monitoring of the data that comes and goes from a corporate network. Your IT staff or managed IT services partner ought to be using active monitoring tools that log activity and alert you when someone tries to breach the network.