We don’t know what next year has in store for us, yet predictions are always useful to be better prepared for what might be around the corner. This also applies to IT security. If we analyze current trends in vulnerabilities and attacks, we may be able to forecast patterns for the future and avoid the dangers.
The Spanish government’s National Intelligence Center publishes annual reports detailing the main threats to businesses and organizations, and those that can be expected to be prevalent the following year. Here we outline the eleven most notable dangers expected in 2015 so you can start to take measures before it’s too late.
- Cyber-espionage has been the single greatest threat in recent years and this can be expected to continue over the next few months. Cyber-criminals will continue working to improve methods to attack organizations and companies, as well as making them more difficult to detect.
The simplest strategy is to choose targets with the least protection, such as contractors, suppliers or private computers. They often use social networks to gather basic information and then use the data on Web services and email. - It is also important to keep a close eye on a factor that is often ignored: outdated operating systems. Microsoft stopped supporting Windows XP last April, so any vulnerabilities discovered since then won’t be patched, making it an easy target for criminals.
- Next year, just as we have witnessed in the last few months, there will be no shortage of ‘watering hole’ attacks. In this strategy, cyber-criminals observe the websites most visited often by an organization and then infect the pages with malware knowing that sooner or later some computers in the targeted organization will be infected.
- Something else to bear in mind when talking about threats to companies are mobile devices, as a lot of corporate data now passes through them. The best thing is to protect both smartphones and tablets with an antivirus for Android.
- Social networks also represent a possible entry point for cyber-criminals. The professional or personal profiles of employees on sites like LinkedIn or Facebook can be used to get to their email addresses. They are then sent malware via email in the hope of compromising the company’s systems.
- Many attacks target data stored in the cloud, as well as that stored on corporate networks. If the information is not properly protected, it can be easy to access files in the cloud. You can never take too many precautions when protecting data from threats.
- Another negative statistic is that studies indicate the increasingly sophisticated and damaging malicious code in circulation takes longer to detect. The same thing goes for the removal of malware from infected systems.
- Complex attacks on large companies with many systems and admin platforms can go undetected for long periods of time.
- However, attacks are no longer limited to computers. Many phone lines are associated to inter-communicating systems, such as alarms or dataphones. ‘Machine to machine’ or M2M communication is the basis for the ‘Internet of Things’.
- Home automation systems and devices, as well as industrial control systems, have begun to suffer from the first attacks by malicious software. Embedded systems in security cameras and monitors could be compromised if the program developer does not implement adequate protection measures.
- Cybercrime is constantly developing new strategies to evade ASLR mechanisms. This automatic process protects the security of operating systems by saving key program data on strategic areas of the hard disk to prevent hackers from deliberately accessing it.
We’ve given you a few pointers, it’s now in your hands to prevent these sorts of attacks. Keeping your computers protected with a corporate antivirus and updating your software are two key practices that you should encourage in your company.