We have seen a large number of attacks in 2014, with many more not being disclosed to the general public. The market is scrambling to launch an ever more sophisticated array of tools and services, but the generally disorganized and loosely coupled nature of most large IT deployments make a comprehensive, airtight security layer very difficult. Criminals are also getting smarter and more targeted as basic defenses rise. As we approach 2015 I believe we will witness the following trends:
- More data wiping attacks: With the recent Sony breach, there was little attempt to hide the fact that an attack had taken place, and a deliberate effort was made to erase data and eliminate forensic information about the breach. To mitigate, real time backups of critical information will be important, as well as better monitoring to detect intruders.
- More insider attacks: More insiders will be brought into play by outside companies offering financial incentives. These individuals may be contractors or employees that work for a few months and leave, taking a strong understanding of the defenses with them. Prosecution will be harder if they are already gone when attacks occur.
- Continued assault on credit cards: As the financial industry and retailers struggle to catch up to Europe with new chip based credit cards, the current base still represents a slow moving target with much to offer cyber-criminals.
- Continued legislative and industry shortfalls: A unified defense helps greatly, but except for a few notable exceptions, sharing is not happening at a useful level between companies, industries and the government. Trust is critical and hard to create, but real time, interoperable sharing capabilities also continue to lag.