2012 suggested that despite everything we still don’t seem to be learning the lessons of data protection. Too much of the damage and frequency of data breaches and hacktivist attacks can be attributed to flawed approaches to how critical data is secured.
This can’t continue and the channel can play a pivotal role in turning around data breach prevention strategies that are failing.
Quite simply 2013 should be the year that more organisations embrace the concept of the secure breach. This means having processes and technologies in place that kill the data and make it useless if it falls into the wrong hands. In essence, security is embedded in every piece of data that’s valuable to you.
The channel can lead the way in advising organisations on the best security products that can address the emerging needs of modern businesses. Comprehensive encryption technology, coupled with robust security key management, will be essential for ensuring organisations’ digital assets and intellectual property are safeguarded in the event of a security breach.
Mobility is going to continue to become a greater part of how people access and use their business data and applications. This is opening up a new range of security threats arising from the use of personal devices on otherwise protected systems. To take a simple example, if someone needs to charge their phone using a USB connector, this could introduce a key logger onto a computer within the corporate development systems.
The requirement of many large organisations to extend their authentication infrastructure presents the channel with a challenge as well as a huge opportunity in 2013. Multi-factor authentication is well understood as a key part of a data protection strategy but its wide-scale proliferation has been held back by high management overheads and operational pressures.
The channel can help organisations that need to widen authentication by providing a new generation of authentication-as-a-service solutions. These tackle the operational issues and ensure the necessary scalability needed to provision and manage authentication for large, dynamic workforces.
Another key trend that will have a significant impact on IT security is virtualisation. As organisations become aware of the inherent vulnerabilities of virtual environments, including how easy it is to copy virtual machines and misuse administrators’ access privileges, educating clients about the need to secure virtual machines will be critical. Encryption of VMs recently became commercially available and addresses these issues which are only now becoming of concern.
And finally, digital key management that leverages advances in key management standards and hardware security modules will be a key requirement accompanying any robust security strategy in 2013.
Brian Tokuyoshi, Product Marketing Manager, Palo Alto Networks, predicts:
- Bring social media out of hiding – Increasingly, social media platforms and webmail are becoming de facto communication platforms for personal use, bypassing enterprise security products in the process. Encryption makes more of this traffic invisible to existing security controls. In 2013, enterprises need to find ways to make sure Internet personal use policies do not conflict with the policies (or bypass the technologies) needed to protect the enterprise.
- Do I Decrypt? – Enterprises need to start thinking about decryption not just for data loss, but to check for policy violations and malicious content. CISOs will need to work together closely with HR and legal teams to respect personal privacy while maintaining corporate security, and to make sure that the cure isn’t worse than the ailment.
- Looking for Mice Instead of Elephants – It used to be easy for researchers to get new malware samples and push out signature updates, because malware was indiscriminate of who the victim was. Today, malware authors are creating attacks for very specific victims, and the samples may not be as widely available for researchers to analyse. In 2013, threat prevention best practices will evolve to spot highly customised, targeted malware.
- Virtualising Network Security – When one virtual machine talks to another on the same host, the traffic may never cross the network. As a result, virtualisation network traffic may bypass all the physical network security protections in place for intrusion prevention, malware detection and policy enforcement. In 2013, organisations will be looking closely at their virtualisation strategy to see if it is in line with the network security best practices.
- Assume the network is not safe – For many organisations, the LAN is both the most sensitive and least secured network environment. Anyone can plug a device in and get network access. In 2013, the mindset towards what’s allowed on the LAN is shifting away from “don’t trust” to “don’t trust, always verify”, and organisations will make use of segmentation and better application and user-aware access controls to do it.
- The First Gen VPN – Today’s mobile environment is more hostile than it’s ever been, and users often connect from public, sometimes unsecured open wifi hot spots. Letting users choose to stay off the VPN is no longer a sensible option, and 2013 will bring about some tough questions on whether it’s doing what it needs.
- BYOD: more than a Mobility Issue – BYOD emerged because enterprises couldn’t control which employees used enterprise applications, and enterprises tried to reassert control over a long list of devices. In 2013, organisations will start asking whether the user should have been able to access enterprise applications in the first place, regardless of the device used. What looked like a device control issue is actually an eye-opening realisation that enterprises did not have adequate control over what’s happening on the network.
David Emm, senior security researcher at Kaspersky Lab, predicts:
The most notable predictions for the next year include the continued rise of targeted attacks, cyber-espionage and nation-state cyber-attacks, the evolving role of hacktivism, the development of controversial ‘legal’ surveillance tools and the increase in cybercriminal attacks targeting cloud-based services.
- Targeted attacks on businesses have only become a prevalent threat within the last two years. Kaspersky Lab expects the amount of targeted attacks, with the purpose of cyber-espionage, to continue in 2013 and beyond, becoming the most significant threat for businesses. Another trend that will likely impact companies and governments is the continued rise of ‘hacktivism’ and politically-motivated cyber-attacks.
- State-sponsored cyber warfare is also expected to continue in 2013. In fact, during 2012, Kaspersky Lab discovered three new major malicious programs that were used in cyber warfare operations: Flame, Gauss and miniFlame. Experts at Kaspersky Lab expect more countries to develop their own cyber programs for the purposes of cyber-espionage and cyber-sabotage. These attacks will affect not only government institutions, but also businesses and critical infrastructure facilities.
- In 2012 an on-going debate also took place on whether or not governments should develop and use specific surveillance software to monitor suspects in criminal investigations. Kaspersky Lab predicts that 2013 will build on this issue as governments create or purchase additional monitoring tools to enhance the surveillance of individuals, which will extend beyond wiretapping phones to enabling secret access to targeted mobile devices. Government-backed surveillance tools in the cyber environment will most likely continue to evolve, as law-enforcement agencies try to stay one step ahead of cybercriminals. At the same time, controversial issues about civil liberties and consumer privacy associated with the tools will also continue to be raised.
- Online privacy will also become more of an issue. Development of social networks, and, unfortunately, new threats that affect both consumers and businesses have drastically changed the perception of online privacy and trust. As consumers understand that a significant portion of their personal data is handed over to online services, the question is whether or not they trust them. Such confidence has already been shaken in the wake of major password leaks from some of the most popular web services such as Dropbox and LinkedIn. The value of personal data – for both cybercriminals and legitimate businesses – is destined to grow significantly in the near future.
- 2012 has been the year of the explosive growth of mobile malware, with cybercriminals’ primary focus being the Android platform, as it was the most popular and widely used. In 2013 we are likely to see a new alarming trend – the use of vulnerabilities to extend ‘drive-by download’ attacks on mobile devices. This means that personal and corporate data stored on smartphones and tablets will be targeted as frequently as it is targeted on traditional computers. For the same reasons (rising popularity), new sophisticated attacks will be performed against owners of Apple devices as well.
As vulnerabilities in mobile devices become an increasing threat for users, computer application and program vulnerabilities will continue to be exploited on PCs. Kaspersky Lab named 2012 the year of Java vulnerabilities, and in 2013 Java will continue to be exploited by cybercriminals on a massive scale. However, although Java will continue to be a target for exploits, the importance of Adobe Flash and Adobe Reader as malware gateways will decrease as the latest versions include automated update systems for patching security vulnerabilities.