We covered McAfee Labs' 2015 Threats Predictions report earlier this month that nimbly depicted increased cyber-attacks and espionage, as well as new strategies from hackers to hide their tracks and steal sensitive data. In the following, however, we present you CyberArk’s interesting security predictions for 2015, which use quite a different approach for their forecasts with a kind of different angle:
- Reign of the insider threat The insider threat is expected to take center stage with greater sophistication in the security landscape in 2015, as they have proven to be the quickest way to breach networks and steal data. Rogue employees today are not only collaborating with external cybercriminals, being are armed with sophisticated technologies. Organizations will have to start being more aware that insider threats cost more than being breached by an external attacker, and therefore continue to invest more in behavior indicators, classifying data and monitoring access.
- Emergence of more severe banking threats
Malware targeting the banking industry is expected to be more advanced in 2015. Other than the usual phishing and social engineering attacks, banking malware used by cybercriminals are expected to be stealthier, being able to hide on networks, targeting privileged accounts. They will also have capabilities such as being able to steal users' credentials, along with harvesting data to send back to command-and-control systems used by cybercriminals. This will prompt enterprises to invest in safeguarding and restricting access to data on networks.
- The Internet of Things (IoT) bedevils security
In 2015, enterprises will start to adopt devices that communicate with each other, giving rise to the Internet of Things (IoT). According to Gartner, 4.9 billion connected things will be in use this year, an increase of 30% from 2014. Security issues surrounding IoT will also gain traction due to the fact that these devices are not inherently secure, which could potentially lead to device hacks or data leakages. Organizations will increasingly be concerned with who manages and operates these devices, and technology approaches to manage the security and risk of IoT.
- Healthcare industry gains popularity among cybercriminals
- Data protection laws in full force
While legal frameworks have started to be firmer, 2015 will see more rapid developments surrounding data protection law. This will put added pressure on organizations in the region to secure the data of customers. This includes coming up to internal data protection strategies such as having privileged and restricted access to more sensitive customer data.
- Social media, tools as a threat frontier
- Cloud adoption drives privileged account security
Organizations have turned to cloud computing and mobile devices in recent years to stay competitive as well as to increase the productivity of employees. As the use of cloud continues to grow in enterprises in the year ahead, SaaS, PaaS and IaaS will lead to an explosion of privileged accounts due to its presence of third-party vendors on internal networks. Organizations will look to enhance security of privileged accounts with more capabilities such as context-aware access controls and automatic credential management.