Aeriandi unveils new line-up of PCI DSS complian... » OXFORD, UK: Aeriandi has unveiled its new portfolio of secure voice services. Agent Pay, IVR Assist,... Digital preservation goes mainstream as organiza... » Digital Preservation specialist, Preservica, has seen a 50% growth in new customer signings in the l... CIOReview selects Cryptosoft for 50 most promising... » Annual list showcases the 50 Most Promising IOT Solution Providers 2015. Cryptosoft makes it to CIOR... Qognify scores 5 Homeland Security Awards from Gov... » Qognify, formerly NICE Security, has announced that, for the fourth consecutive year, its physical s... AdaptiveMobile identifies hundreds of millions o... » DUBLIN AND DALLAS: AdaptiveMobile has released a new report entitled ‘Turning Grey into Gold – Adapt... Tripwire introduces ‘Search by Hash’ Functionali... » London, UK: Tripwire, Inc. has announced new search by hash functionality in Tripwire® Enterprise th... The insecurities that haunt public Wi-Fi » It’s no surprise to anyone that Wi-Fi use continues to grow. However, what is hard to believe is tha... International Alert welcomes UK Government's ... » Today International Alert, Europe’s leading peacebuilding NGO, welcomed the UK Government’s commitme... High-Tech Bridge launched a new addition to its ... » The new package, ImmuniWeb Continuous, provides customers with a real-time interactive dashboard for... Opengear advances to preferred solution partner ... » Sandy, UT: Opengear has announced that it is now a Preferred Solution Partner within the Cisco® Solu...


Advertise with Vigilance

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.


Subscribe to Vigilance Weekly

Information Security Header

It’s the time of year again when IT security experts predict what the next year will bring. Below are three predictions and trends from three IT experts

Corey Nachreiner, Director of Security Strategy at WatchGuard, predicts:

A Cyber Attack Results in a Human Death

WatchGuard hopes it is wrong in this prediction. But with more computing devices embedded in cars, phones, TVs and even medical devices, digitally dealt death is not only possible, it's plausible. Security is still often an afterthought when developing innovative technical systems. Criminals, hacktivists, and even nation-states are launching increasingly targeted cyber-attacks and most recently, a researcher even showed how to wirelessly deliver an 830 volt shock to an insecure pacemaker.


Malware Enters the Matrix through a Virtual Door

Last year was the first real-world instance of malware that sought out virtual machines (VMs).. Today, there is an emergence of malicious code that can recognise when it's running in a virtual system and act accordingly. In 2013, WatchGuard predicts attackers will create even more VM-targeted malware that will be designed to take advantage of weaknesses found in many virtual environments.

It’s Your Browser - Not Your System - that Malware Is After

WatchGuard anticipates a steep rise in browser-infecting malware in 2013. With increased adoption of cloud services, a great deal of personal data passes through web browsers. Many antivirus solutions focus on catching traditional malware that infects an operating system and aren't as effective at detecting browser-based infections. Now, a new type of malware has emerged. Sometimes called a Man-in-the-Browser (MitB) or browser zombie, it arrives as a malicious browser extension, plugin, helper object, or piece of JavaScript. It doesn't infect the whole system; instead it takes complete control of a browser and runs whenever the victim surfs the web.

Strike Back Gets a Lot of Lip Service, but Does Little Good

‘Strike back’, which refers to launching a counter-offensive against cyber hackers will receive a lot of attention but won't be implemented in most organisations according to WatchGuard.. WatchGuard anticipates most organisations won't implement these measures given the jurisdictional challenges of digital attacks that bounce through several countries.

We'll Pay for Our Lack of IPv6 Expertise

While the IT industry has been slow to adopt IPv6 into their networks, most new devices ship IPv6-aware and can create IPv6 networks on their own. Many IT professionals don't have a deep understanding of IPv6's technicalities, yet they have IPv6 traffic and devices on their networks. This also means most administrators haven't implemented any IPv6 security controls, opening the door to attackers looking to exploit unprotected weaknesses.

Android Pick Pockets Try to Empty Mobile Wallets

Based on the following three factors, WatchGuard expects to see at least one vulnerability, even if just a proof-of-concept, that allows attackers to steal money from Android devices.

Mobile malware is skyrocketing.

Cyber criminals are targeting Android devices more than any other because of the platform's openness.

People are increasingly using mobile devices for online payments. Plus, many vendors, including Google, are starting to launch Mobile Wallets, which attach credit cards to mobile devices.

An Exploit Sold on the "Vulnerability Market" Becomes the Next APT

WatchGuard expects that at least one auctioned-off zero day exploit will emerge as a major targeted attack this year. Vulnerability markets or auctions are a new trend in information security, allowing so-called ‘security’ companies to sell zero day software vulnerabilities to the highest bidder. While they claim to vet their customers and only sell to NATO governments and legitimate companies, there are few safeguards in place.

Andrew Wild, CSO, Qualys, predicts:

Growth of cloud computing will lead to increased security requirements

Increasing adoption of cloud computing and BYOD in the workplace means organisations need to be aware of risks and available security policies.

Enterprises are demanding more transparency from cloud providers as the market matures.

Enterprise will create or adapt existing third-party risk management programmes for cloud service providers.

Cloud service providers will be forced to conduct thorough risk analysis to assure clients that their data is safe.

Businesses are becoming increasingly comfortable with cloud computing, giving third-party providers the opportunity to demonstrate how secure they are.

Bringing BYOD under control

Organisations will develop strong asset management programmes due to the growth of BYOD.

Businesses need strong device detection systems to alert them to any unauthorized devices.

Organisations must possess an accurate inventory of all devices used in order to combat data leakage and similar security risks.

Heightened risk posed by hackers and malware

Organisations must find a balanced approach to employ against the heightened risk posed by hackers and malware. This approach must offer both detection and prevention.

Companies will be looking for people who can provide high-level threat analysis and correlation for them, rather than rely on in-house expertise.

There needs to be a way to correlate incidents with log data and provide analysis that can help develop effective responses.

Attacks against organisations continue to rise

97% of breaches that occurred in 2011 were avoidable with “basic” or “intermediate” controls – such as password policies or vulnerabilities management controls.

The “Data Breach Investigations Report” formulated by The Verizon Business RISK team in cooperation with the United States Secret Service claims that the number of compromised records increased from four million in 2010 to 174 million in 2011.

Every enterprise should therefore make end user education and password management a priority as well as implementing a strong vulnerability management program.

Paul Clark, Regional Director UK, Ireland, South Africa & The Middle East at Algosec, predicts:

Prediction #1: Rewiring how we look at security

We’ll continue to see the flood of highly-publicized security breaches (together with an unknown but likely higher number of unpublicized breaches) in 2013. It clearly demonstrates that we are not excelling at this task of preventing such attacks. The best approach to take is to assume you've been hacked – and map out your security policy. This thinking is often easier said than done. After all, assuming your organization has been hacked is like admitting you have failed in your role to protect it. But like it or not, no matter how good you think your perimeter and endpoint security is, there is an extremely high likelihood that malware is already inside your network. While it may take some rewiring of how we think about security and policies, if you take the approach of assuming you have been hacked it can go a long way to being proactive about possible attacks.

Prediction #2: IT Security and IT Operations teams will bridge the gap between processes

2013 will be the year when the wall traditionally separating IT security and operations teams will come crumbling down. Both groups will continue to face the challenges of managing, supporting, and securing more dynamic and complex networks with the same or fewer resources. These groups will re-examine the roles and responsibilities within the Information Security team as well as with the IT Operations team and identify areas - such as change management and audits - where both teams play a significant role. Additionally, by designing plans with your counterparts that address these situations (or other ‘knowns’ such as network upgrades, change freezes, and audits), you can minimize security risk from poor change our out-of-band change processes. To achieve this alignment, organizations must re-examine current IT and security processes and identify areas where to add or enhance the necessary checks and balances, without impeding productivity.

Prediction #3: The rise of bring your own network (BYON)

Bring your own device (BYOD) will evolve into bring your own network (BYON). Smartphones and other devices enable laptops to connect to the Internet via Wi-Fi hotspots, bypassing all of an organization’s network perimeter security measures: firewall, URL proxy, e-mail gateway, etc. iPhone users can easily turn their phone into a WiFi hotspot (Settings: General: Network, make sure “Cellular Data” is on and you will find a Personal Hotspot setting to activate). The challenge with BYON is that it gives users an easily accessible workaround to security policy. Improved security awareness across the organization is an important first step, though there is no easy way to enforce it. This will be an opportunity for security to respond and take appropriate actions