It’s the time of year again when IT security experts predict what the next year will bring. Today, we bring to Vigilance's readers the predictions of three IT experts as seen from their 'crystal glass'. Read on:
Darren Anstee, solutions architect team lead at Arbor Networks, predicts:
1) DDoS will become more visible as a business risk: Distributed Denial of Service (DDoS) has become a familiar term to many more of us over the past year. The mainstream press coverage of the attacks from Anonymous; our increased appreciation of the broader spread of motivations behind attacks; and the simple fact that many organisations have now experienced attacks have seen to that. Ideologically motivated attacks are often in the press, but many other attacks are motivated by extortion, the need for a distraction (from other criminal activity e.g. data-theft) and revenge; DDoS is even being used now as a competitive ‘weapon’ in some markets.
There can be no doubt that DDoS attacks pose a significant threat to the availability of our Internet services, and as we have become more reliant on these services for our business continuity the risk of an attack having a major business impact has increased. An increasing number of organisations now rely on the Internet to sell their products, offer their services, process transactions or to access cloud based data and applications. An attack can be very costly if we are not prepared.
In light of this, DDoS is starting to be considered alongside other threats to our business continuity (such as power failure, physical security etc.) and the awareness within organisations is broadening. The tools our finance teams use to model risk are starting to incorporate cyber threats, and CISOs are being asked to quantify risk and plan accordingly. The availability of our Internet services is becoming as important as the confidentiality and integrity of our data.
2) Multi-vector DDoS attacks will proliferate: Not all DDoS attacks are created equal; there are actually three main categories of attack: Volumetric attacks, which are all about exhausting link or forwarding capacity either within or between networks; TCP State Exhaustion attacks, which are all about exhausting the state tables in our firewalls, load-balancers and servers; and Application Layer attacks, which are the stealthy, more sophisticated attacks, and are aimed at exhausting application layer resources.
Attackers have learned that if they utilise multiple attack vectors at the same time their chances of taking sites and services down, and keeping them down, are increased; the recent spate of attacks against the US financial sector were multi-vector in nature.
In 2013 we expect to see more of these attacks, where multiple vectors are used and modified in real-time to counteract mitigation strategies as they are put in place. We can defend ourselves from DDoS attacks, but we need services and solutions based around Intelligent DDoS Mitigation Systems (IDMS) which are specifically designed to deal with the DDoS threat. If we put the most appropriate services, solutions, people and processes in place then we can make sure 2013 is not an unlucky year for our businesses.
3) Visibility WITHIN our network perimeter will become key: Much has been made over the last twelve months of the growing threat to our business data and intellectual property from advanced / targeted threats. Businesses are rightly concerned in this regard, but the way in which our services and network architectures have evolved has in fact made securing our data more difficult.
Traditionally we have secured the perimeter of our networks, but actually defining our perimeter has become more complex with increased user mobility, BYOD and use of cloud based services. And, the threats out there are much more sophisticated than they used to be, and the obfuscation techniques used to evade our IDS etc., have evolved.
Now more than ever we need three things: visibility of what is going on ‘within’ our security perimeter, so that we can detect threats inside our networks which may have evaded or bypassed our perimeter defences; intelligence on the behaviours and indicators we should look for to identify compromised devices; and forensics on what users and systems have been doing (potentially over an extended period), so that we can identify the extent of any compromise.
Adding these additional capabilities to our existing layered security models will likely be a focus for a lot of organisations in 2013.
Alan Dabbiere, Chairman at AirWatch, predicts:
The key trend affecting MDM in 2013 will be market consolidation. The research and development requirements are tremendous to keep up with the pace of innovation.
We see our clients adopting application management features: for example, app wrapping, object code injection, internal app stores. Further, our clients are adopting content management solutions to prevent data loss. A great example is United Airlines using our Secure Content Locker™ to send updated flight manuals to pilots, saving 16 million sheets of paper and 326,000 gallons of jet fuel per year.
2012 was just the tip of the iceberg for seeing mobile devices integrated into business processes. I expect that in 2013 companies will begin to expose the larger mobility opportunity that’s under the surface and begin to put strategic plans in place to address it. For instance, by integrating mobile intelligence into inventory practices, retailers can monitor trends, buying patterns and even the weather to estimate the amount of inventory their store should receive. If it’s a cold day and a grocery store is noticing that hot chocolate is flying off of the shelves, mobile intelligence can feed back into the distribution center and subsequently alter the shipment even if it’s already en route. If you consider the ramifications that too little or too much inventory can have on one store, they’re significant. By utilizing the latest technologies, retailers have more accurate inventory and a more efficient distribution process. Mobility is taking the power and the soft skills such as merchandising knowledge and the hard skills of mathematics and outside information like weather and creating a great deal of institutionalized knowledge like we’ve never seen before in the industry. Those who do not consider including mobile devices in their day-to-day operations will be missing a huge opportunity.
Andy Taylor, Lead IA Assessor at APM Group, predicts changes and developments in IA:
The changes in the government protective marking scheme will cause great consternation and potential for mistakes for all parts of the government at both national and, more especially, local levels.
There will be further significant stories appearing about how public and private sector bodies have got information security wrong resulting in the loss, the unauthorised access, and the inappropriate use of personal data.
The new system of “proving e-identity”, to be implemented by the Department for Work and Pensions on behalf of central government, will show that many commercial organisations know much more about us than we realise.
With more than half of EU countries having already implemented or planning, in the near future, to implement ID cards or their equivalent, the topic will be raised again within the UK as a pragmatic and sensible way to manage personal identification.