With the RSA Conference just behind us and the Infosecurity Europe conference in London coming up, it is worth taking a look at the top five cyber security threats that will be on the minds of the event attendees and other security professionals tasked with managing cyber risks across enterprises and government agencies in the coming months.
Before we assess where we are heading, let’s review where we are now. We kicked off 2011 with a large number of sophisticated cybercrime groups active around the world and with new types of criminal groups that have developed a specific expertise within the cyber security supply chain. As a result of the increased number of active cyber criminals, we believe there is more malicious software developed and distributed around the world than ever before.
Yet, despite the increased risk, most companies can’t identify the origins of the threat and the extent of the attack. According to the Identity Theft Resource Centre, out of the 662 breaches it registered in 2010, close to 40% of the listed breaches had no cause specified (i.e., the company didn’t know where the breach came from), and nearly 50% of the breaches did not list which records were compromised.
It is likely that the number of cyber criminals will rise even further in 2011, resulting in more malicious software distributed and more incidents of cyber security breaches. We believe that the following threats will be prominent over the coming months:
1. Traditional malware
Traditional malware will remain the primary mechanism of distributing software to computers on the internet. As F-Secure reported in 2009, there was a three-fold increase in the number of malware detections between 2007 and 2008, and a 15-fold increase over five years prior. More recent numbers from McAfee indicate roughly 55,000 new malware pieces identified every day, which continues the exponential growth pattern into 2010. This trend will only continue.
Trojans will likely remain the main vehicle for malware distribution. In many instances they could be disguised as a document (e.g., PDF file).
2. Shift to advanced persistent threat (APT)
Attacks will be more advanced, targeted at a specific institution with a goal to acquire specific data. Oftentimes described as Advanced Persistent Threat (APT), these attacks are designed to infiltrate an organisation, hop the firewall and acquire a target. Once the software gets behind the firewall, it hops around the organisation investigating and gathering information about the internal system. It then uses this information to gain privileged access to critical information (e.g., transactions processing, customer lists or HR records) and begins stealing sensitive data. Without proper monitoring in place, it can be weeks or months before an organisation detects that it is under attack.
3. Focus on finance, hospitality and retail
Financial services, hospitality and retail industries will face an increased number of threats. As data from the 2010 data breach report issued by the Verizon RISK team and the U.S. Secret Service shows, these three industries combined currently represent 71% of all data breaches.
4. Mobile devices increase vulnerabilities
Seven out of ten companies still don’t have explicit policies outlining which devices can be logged on to the network, or policies on working in public places, as reported in the 2010 Visual Data Breach Risk Assessment Study commissioned by 3M. As more people work and access information remotely, the threat levels from existing vulnerabilities will increase and new ones will appear.
5. Hacktivism as a new type of threat
The most visible examples of hacktivism were the recent attacks by Anonymous, a group that targeted MasterCard, Visa and PayPal after those companies cut off financial services to WikiLeaks. We may see more of these types of attack by groups representing political and environmental organisations.
Just two years ago, “cyber” was not a topic frequently featured in mainstream news. Today, even some of the tabloid media is covering the subject. Cyber threats have risen from an IT issue to a topic of strategic importance to companies and governments around the world. It seems many organisations are starting to discuss the importance of cyber defence. This year, we will see whether all the talk will bring with it swift action.
Blog post by Aarij M Khan, director of product marketing, ArcSight, an HP company