It is clear that the variety and frequency of attacks are on the increase. However, the concern is not limited to the number of attacks. IT security professionals are also concerned with the nature and “quality” of new threats. “The methods of attack are not only increasing, but also becoming more sophisticated, specific and targeted. Once determined to launch a targeted attack, your opponent can, and will, create a customised method of attack to compromise your environment, and will eventually succeed,” says Ghassan I. Alkahlout, Regional Director, Nexthink.
The last year has been tumultuous in the world of IT security. Though IT security is always host to a changing landscape, it seems that this year, more than ever, hackers and other technology villains have been top news. From hacktivists to cloud leaks and buggy code, it seems each week there is a new headline about IT security. On the surface, the future may seem grim – however, hope remains.
According to IDC’s Worldwide Mobile Worker Population Forecast in 2012, there will be 1.3 billion mobile workers by 2015 – which is approximately 37 percent of the world’s workforce. Thus, security concerns in 2015 are likely to turn mobile. As the work force becomes more mobile and companies adopt BYOD policies and other initiatives that mobilise their employees, the frequency of threats on mobile infrastructure will increase. In short, with freedom comes risk.
For some IT security professionals, the answer to avoiding threats presented by mobility is an exercise in Occam’s Razor – simply don’t employ things like BYOD in the workplace. “BYOD isn’t going away, but it is critical that CIOs acknowledge it may not be for everyone. It calls for tough choices – but it does not mean organisations need to compromise on productivity for their employees,” Nader Henein, Advanced Security Solutions, Advisory Division BlackBerry Middle East.
In addition to workplace mobility, things like mobile payment methods and M2M communications will be flooding data centres with precious and valuable information. As such, IT professionals will be hunting for new ways to protect their data centres.
The threats created by disruptive technology, however, will not go unanswered. “Data analytics will be deployed across security solutions for threat detection and for remediation activities,” says Firosh Ummer, MD EMEA, Paladion Networks, “Enterprises will create architecture to break the silos of security data so that uniform decisions can be made. Enterprises will deploy more mobile applications and cloud applications, which will see increase in attacks on such infrastructure.”
Glen Ogden, Regional Sales Director, Middle East, A10 Networks, agrees that 2015 will be all about protecting the data centre. “In 2015, organisations will be looking to deploy next generation Application Delivery Controllers (ADCs) that help organisations safeguard their data centre infrastructure. Deployed in the heart of the data centre ADCs can block attacks, intercept and inspect encrypted traffic and prevent unauthorised access to applications.”
The data centre is not the only point of vulnerability when it comes to 2015’s IT security scene. While the data centre may be the end-point for many cyber criminals, access to information more generally is the name of the game. According to Shireig Nosseir, Security Solutions Regional manager, Eastern Europe Middle East and Africa, CA Technologies, the creation of multiple identities will open the doors for potential hackers.
“The new wave of threats focus on targeting identities, particularly privileged identities such as IT administrators, service accounts, embedded passwords in scripts, as well as business related identities for people in key roles with access to sensitive information such as executives, finance, HR, research and development and more,” he explains, “As we say in the IT security world, privileged identities hold the keys to the kingdom.”
In addition, our means of communications are rapidly becoming prime targets. The news headlines are rife with stories of DNS related exploits. “Recently, the weak-point being exploited – independent of the region and specific technologies that have been deployed –has been the foundation of the internet itself – when we look at this foundation, we are talking about Domain Name Service, or DNS. DNS fundamentally allows people and organisations to communicate, transact and conduct business in the most intuitive way possible,” Cherif Sleiman, General Manager, Middle East, Infoblox.
The Internet of Things and M2M communications will also increase the potential attack surfaces of businesses and consumers. Simply put, more transactions will translate into a greater vulnerability as well as a higher payoff for successful cyber-criminals. DDoS attacks are also on the rise. “The positive news in regard to DDoS attacks is that while prediction may be difficult, protecting against one is less so. The priority is to keep applications, services and network protected without stopping legitimate traffic,” says Gary Newe, Technical Director, F5 Networks.
The good news is that IT professionals, CXOs and, for that matter, all end-users seem to be becoming more informed when it comes to IT security. Chester Wisniewski, Senior Security Consultant, Sophos agrees that education and awareness are key in the prevention of cyber-attacks and, ultimately, data loss. “Whether you are an IT professional, entrepreneur, or individual user, chances are you are getting smarter about security too,” he says, “You should be making sure all your systems are protected, whatever conventional or mobile platform they are running on. Shrink attack surfaces by eliminating platforms like Java where you don’t need them. Stay up to date with patches, because most attacks are aimed at old vulnerabilities.”
Though security firms are fast coming out with responses to the increase in threats, the best prevention remains learning and implementing best behavioural practices. While best practices may adapt in response to changing threats, IT professionals need to stay abreast of changes in best practices and, moreover, work on educating their employees on the best ways to protect their weak-points.
In all, it seems like 2015 will be an amplified version of 2014 when it comes to IT security. Attacks against individuals and businesses will increase, of course, and IT security firms will come hard and fast with breach prevention technology. There will be new technologies that will alter the methods of cyber-attacks and, in turn, response protocol and technology will adapt. The back and forth between attackers and IT security professionals is never going to end. The best thing to do is maintain a keen awareness of changes in the threat landscape for 2015.