Top IT security threats for 2013

Dec. 13, 2012
IT security firm releases predictions

If the number of data breaches and vulnerability reports weren’t enough to scare security executives in 2012, new threat predictions from FortiGuard Labs, the threat research arm of network security appliance maker Fortinet, on what awaits individuals and organizations next year just might. Based on data collected from FortiGate appliances and other intelligence systems, the company is forecasting how the IT security landscape will change.

The predictions include:

  • Advanced Persistent Threats (APTs) that target individuals through mobile platforms
  • Single-password sign-on being replaced by two-factor authentication
  • Machine-to-machine (M2M) communications exploits
  • Potential circumvention of "sandboxing" (the practice of isolating running programs and applications so that malicious code in one process cannot reach another)
  • Cross-platform botnets
  • Mobile malware growth to close gap on laptops and desktop PCs

Perhaps the most disturbing of these threats from a CSO or CISO perspective, according to Derek Manky, senior threat researcher for FortiGuard Labs, is the use of APTs against executives and the resulting potential for data leakage from an executive’s mobile device.

"Any C-level (executive), of course, would have a mobile device, likely a smartphone. Thus, these will become valid targets to start getting things like email account credentials," he said. "These individuals have the keys to the kingdom, top of the chain and are usually easier targets for attackers than someone who may have a dedicated role to security. Once they get access to the top, they can infiltrate the rest of the system from there."

The proliferation of mobile devices in the workplace has made them a bigger target for hackers, but Manky says that the same security best practices that apply to a laptop can also be used for smartphones. "The same concepts apply to that of a laptop as a core practice," he says. "Proper security where you connect your device to (web filtering, antivirus, etc.), but also, education is key - particularly with applications. Many infections come through malicious applications, so be wary and do your research of an application before it is downloaded."

Another threat that has gained attention recently is the potential for cyber criminals to hack into machine-to-machine communications, including medical devices such as insulin pumps and oxygen regulators. While the simple answer may be to take these devices offline, Manky says the fact remains that they were brought online to improve their functionality, and that protecting them properly is the better option. "So, protection comes down to having proper industrial control security in place at the perimeter at the very least - where the Internet meets the gateway to these machines," he says.

Despite the fallout and awareness raised by high-profile data breaches in recent years, Manky believes the high rate of breaches will continue. "The unfortunate part is that these data breaches happen over and over because of the same reason - unpatched systems, poorly coded websites that allow things like SQL injection attacks," he said. "Until these basic practices are taken care of, this pace will continue."
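The "poorly coded website" Manky refers to is usually one that builds SQL by gluing user input into the query string. The following added example (editorial illustration, not code from the article or from FortiGuard Labs) shows the vulnerable login check beside the parameterised fix, run against a constructed in-memory SQLite table; the usernames, passwords and the `alice' --` payload are made up for the demonstration. Passwords are stored in clear text here only to keep the injection visible; a real site stores salted hashes.

```python
import sqlite3


def make_db():
    """Constructed sample table for the demo; not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse battery staple"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The 'poorly coded website': user input is concatenated into the SQL text,
    so a quote character in the input changes the structure of the query."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Same check with a parameterised query: the driver binds the values as data,
    so the input is never parsed as SQL no matter what characters it contains."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Runs the attack payload through both versions and returns the outcomes."""
    conn = make_db()
    # "alice' --" closes the string literal and comments out the password check,
    # turning the query into: ... WHERE username = 'alice' --' AND password = '...'
    payload_user = "alice' --"
    payload_pw = "anything"
    return {
        "vulnerable": login_vulnerable(conn, payload_user, payload_pw),  # 'alice'
        "hardened": login_hardened(conn, payload_user, payload_pw),      # None
        "legit": login_hardened(conn, "alice", "correct horse battery staple"),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened version is not "escaping" the quote; it avoids string-building altogether, which is why it is the right fix rather than an input filter that an attacker will eventually get around.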

Manky says that a combination of factors is to blame for these increasing threats to cyber security.

"The main problem is that there are lax or non-existent laws – there’s a lot of potential money someone can make for relatively low risk. At the same time, all of the tools are out there - crimeware (advanced attack code) is available for purchase. Crime services (consulting, hosting, etc.) all exist as well," he said. "Elements are in place so much that with some investment in hand, you do not have to be technically adept anymore to successfully launch an attack, which means more players in the game - from the bottom to the top, even state-sponsored."

While the cyber security landscape may seem to be doom and gloom, Manky recommends six steps organizations can take to minimize their vulnerabilities which include:

1). Having a proper security framework in place that offers multi-dimensional security and allows visibility into threats that a) attempt to get into your network, and b) already exist on your network.

2). Governments should work with the private security sector to improve overall security. Corporations should also work with security vendors to better understand the threats that are on their systems.

3). Understand what assets and weaknesses you have in your network.

4). Educate. Hold security briefings or seminars for everyone involved on the network.

5). Have proper security policies in place like password enforcement and use two-factor authentication/ token-based security technology.

6). Have a proper incident response plan (IRP) in place. Be prepared to deal with breaches by thinking about possible attack scenarios and what you would do ahead of time.