Below are security predictions for 2015 from AppRiver, Pirean and Voltage Security.
AppRiver Predicts 2015 Threat Landscape:
AppRiver has issued its predictions for the coming year. Its team of analysts has used indicators gathered from analysis of recent malware developments and criminal activity to determine how the threat landscape will evolve in the near future.
It predicts that:
The bevy of 2014 breaches, and the abundance of credit card and other personal information obtained from them, will lead to an increase in spear-phishing and other more targeted attacks in 2015.
Point-of-Sale Malware will continue to disrupt big box stores, retailers and restaurants.
The uptick in critical vulnerabilities seen in the last few months will continue, as further unexposed weaknesses in widely used platforms and protocols remain a goal for attackers.
Speaking about these predictions, AppRiver’s senior security analyst, Fred Touchette, said, “So much private personal information exists on the cyber underground now that criminals will be able to put together very specific personal profiles of their targets thanks to these breaches and coupled with further information gleaned from social media. Recent highly effective social engineering ploys, such as those utilised in Ransomware, will continue to terrorize businesses and, while the criminals may begin to get away with less money through awareness and proper backup procedures by the intended targets, there will still be plenty of unsuspecting victims whose data will be at risk and likely compromised, still costing the business itself.”
Speaking about POS malware, Troy Gill, manager of security research for AppRiver, adds, “These programs are often simple in design and have one job - to siphon credit card and account information from transactions as they happen. The seemingly simple nature of how they make their way into systems is troublesome and is a sure sign that these systems will continue to be major targets throughout 2015.”
Other areas where AppRiver’s security analysts voice concerns are: the widening use of individual cloud storage services posing a greater risk to personal, as well as professional targets, as company documents and data commingle with personal files in the cloud; increasingly sophisticated malware will continue to defeat detection by hiding in common services and using non-traditional forms of communication such as TOR or Peer to Peer; and acts of cyber aggression will continue between many nation states including the U.S. and China, as well as remain a tool of warring nations.
However, it’s not all doom as it also believes mobile payment systems will work aggressively to make digital payments through services such as ApplePay, Google Wallet and CurrentC far more secure.
That said, Jon French, security analyst at AppRiver, concludes, “Vendors have been trying hard to change the way we make transactions - with features such as Near Field Communication and virtual wallets in our mobile devices. Unfortunately its early adoption has left a bit too much to be desired, thanks to security issues, so we can expect mobile payment systems and their architectures as a highly likely target of attack.”
The Identity and Access Management Market in 2015
By Colin Miles, CTO Pirean
The Identity and Access Management (IAM) Market continues to grow, with analysts predicting a significant continued increase in spending from enterprises large and small. As 2014 draws to a close, we take a look at the key factors driving this investment and make our predictions for how the IAM market will continue to evolve in 2015.
IAM solution time-to-value decreases again, bringing new opportunity
It’s no secret that IAM projects have traditionally come with some baggage. Often seen as requiring complex, lengthy, costly and disruptive integration projects, IAM has been treated as a necessary undertaking only when security or compliance concerns grow so great that business and technology leaders are reluctantly forced to mobilise. For 2015, however, there are signs that this is a view that can increasingly be consigned to history. The long-term investment and growth seen in the IAM market has brought a wealth of technology innovation and an inevitable adjustment to meet wider IT market pressures to deliver in a simpler, leaner and more agile manner. Scepticism around IAM projects that promise to enable the delivery of rapid Return on Investment has been worn down by the growing catalogue of real-world projects that are enabling business to deliver wide scope, high quality services to new audiences across a range of channels. At last IAM leaders can face the business with a new and very real proposition. Our project can add value to the bottom line quickly, so when do you want to start?
IAM to help meet the growing demands for improved online security
For all of the recent encouraging noises around IAM being able to distance itself from being primarily seen as an IT security-led solution, 2014 has also been a year where the reality of the vulnerabilities of an increasingly IT dependent world has hit home. Major technical bugs such as Heartbleed and Shellshock have caused fear and alarm, while the nefarious activities of unknown hackers have laid to waste many false assumptions about the privacy of information that is held on-line – both at a personal and a corporate level. While the underlying risks that these events have brought to light aren’t exactly new, the changing perception of IT security and user behaviour that these incidents are driving does have considerable implications for the modern enterprise. Consequently, in 2015 we expect to see that the IAM market will be shaped more and more by the reality of consumer demand as the calls for functions such as strong authentication and rigorous control over privileged access to systems and data increase. We expect to see the adoption of related IAM technologies grow as these components become a part of standard IT systems architecture, not just a nice-to-have addition.
Consumers want a better experience – and IAM holds the key
In 2015 we expect the IAM market to continue to adapt to the view that there is an increasing commonality between the IT service demands of all users - be they colleagues (B2E), partners (B2B) or consumers (B2C). The wide adoption of mobile computing is one of the factors driving this change, but this is also underpinned by the expectation from users that the very best experiences from their personal online interactions (for example, using social media services) should also extend into their interface with any enterprise service. The internet is driving a new era of connectedness and collaboration that by its nature needs to be built around a focus on identity and online relationships. Here IAM can now be seen as the cornerstone of any online service – setting the tone for a strong user experience right from the start – from service registration, through to login, account management, forgotten details and more. Hence, our prediction for 2015 is that most IAM conversations will start with a focus on the user experience, not just address it somewhere along the way.
Identity and the Cloud – the continued evolution of IDaaS models
In 2015 the IAM market will need to keep pace with the demands for new delivery and pricing models that are shaping IT across the board. Identity and Access Management as-a-Service (IDaaS) models are already gaining good traction in the market with a solid business case for helping the enterprise manage access for an ever broadening array of SaaS applications. In the coming period we expect to see IDaaS evolve further towards meeting the goals that align to more traditional Identity Governance programmes. The goal here will be to deliver a greater degree of integration between on-premise and cloud based services, but in a way that does not compromise the key benefits (lower cost of ownership, quicker time to value) that any as-a-Service platform brings. We therefore expect to see the best IDaaS solutions being those that go beyond the promise of integration with a myriad of SaaS applications, to those that extend into the enterprise too – working with enterprise directories and other existing on-premise repositories of user data to bring advanced functions for controlling and managing access at a deeper level.
IAM to enable Enhanced Security Intelligence
We already know that IAM can bring value to the business over and above the value of the IAM controls alone. In 2015 we predict that this trend will continue as we build better and deeper integrations with complementary enterprise technologies such as Security Information and Event Management (SIEM) and Business Intelligence tools. Here enterprises can expect to get an enriched view which combines an understanding of ‘who has access to what’ with ‘who is accessing what’. Such approaches may be used to aid the investigation into security events or improve the remedial actions that are taken when risks are identified (for example, suspending all access for a user where suspicious activity is spotted). Furthermore, bringing these technologies together will help enhance the security posture of any enterprise by delivering a focus on the activities of privileged users themselves – helping to enforce critical protection for another significant focus area for 2015 - the insider threat.
Mark Bower, VP Product management, Voltage Security:
· In 2015, two types of enterprise will emerge: Those that can succeed with big data and use it to their advantage by de-risking it, and those that don’t. The latter will become the first in a new class of mega-breach victim. Breaches in 2015 will involve even more sensitive consumer data: a risky blend of the typical personal and payment data, combined with detailed location, behavior and social data, enabling attackers to explore new forms of blackmail and identity theft as a consequence of intimate consumer mimicry and deception.
· In mid-2015, the first visible signs that attackers are shifting their energy to stealing card data from vulnerable e-commerce platforms will emerge as the US retail industry shifts to EMV and wallet based physical payments. This will mirror the theft and fraud shift in Europe as chip and PIN was introduced several years ago, and likely result in at least one major e-commerce breach during the year.