10 Security Predictions For 2014
2013 Shapes The Year Ahead
The security industry is leaving 2013 under the specter of the potential fallout from the widespread concern over the extent of the National Security Agency surveillance activities. The constant NSA leaks have focused attention on cloud security, data protection and insider threats. Over the year, the security industry saw growth in malware analysis technologies for advanced threat detection, with FireEye and Palo Alto Networks attracting attention with their suspicious file analysis platforms. Reports on cyberespionage activities and custom malware helped stir interest in threat intelligence data that helps provide businesses with information to help make risk-based decisions.
Every year security vendors prepare predictions lists that help bolster the products or services they offer. CRN culled those lists in order to highlight many of the themes that will impact the security industry in 2014. The trends identified here may help resellers, systems integrators and consultancies determine where they might see the most interest in technology and services from clients.
10. Getting Back To The Basics
Security firms say attackers are constantly exploiting known software vulnerabilities and configuration weaknesses. Even well-funded cybercriminals that carry out advanced persistent threats look for the easiest and most cost-effective way to gain and maintain access to corporate systems. Conducting an analysis to identify vulnerabilities, prioritize patching and maintain proper system configuration could be a growing trend in 2014 at businesses, according to endpoint security vendor Total Defense.
Security experts at managed service providers and resellers with strong security consultancies tell CRN that businesses are increasingly seeking risk assessments in an effort to update and reshape their security programs. Often those assessments lead to simple changes, including fine-tuning existing security appliances for better performance and implementing a strong security awareness-training program for end users.
9. Detection Rather Than Prevention
A variety of security vendors are predicting a growing need for incident responders and computer forensics experts to help investigate suspicious activity and contain active threats on the network. Many of the latest technologies provide detection capabilities, but they still need systems experts to determine the extent of a potential threat.
In addition, managed services providers say they are helping provide active monitoring and maintenance for network monitoring appliances, increasingly for proactive log management for businesses. They often aid firms that don't have the staff on hand to find suspicious behavior and investigate it.
8: Active Defense To Gain Broader Adoption
Juniper Networks is predicting more firms will also adopt active defense techniques to help trap attackers, deceiving them into thinking they have gained access to sensitive systems. Intrusion deception, according to Juniper, could help frustrate the efforts of cybercriminals and increase the cost of carrying out an attack.
Security firms such as Crowdstrike and Cylance are combining threat intelligence to help aid active defense postures. But security vendor Websense, in its prediction, warns that businesses that engage in "offensive" security tactics could lead to a misattribution of an attackers source. The firm said a retaliatory strike against a perpetrator could result in an innocent organization being caught in the crossfire in 2014.
7. Growth In Behavioral Analytics
Security vendor Trusteer, recently acquired by IBM, is predicting continued growth in technologies designed to track user behavior and spot suspicious activity that could signal a threat. FireEye CEO Dave DeWalt told CRN that firms are investing in products that specialize in network analysis, malware inspection and endpoint behavioral analysis in an attempt to speed up detection and contain an attack before data is leaked.
A recent report by Forrester Research highlights the growth in technologies to help prevent employee errors that could lead to data loss. Anti-fraud systems, designed to protect suspicious activity at e-commerce websites could be turned internally to spot malicious employee behavior. And Jason Clark, chief strategy and security officer at Accuvant, recently told CRN that he sees a rapid growth in behavioral analysis and data analytics brought on by the NSA surveillance program leaks.
6. NSA Leaks Fuel Data Protection, Internal Threat Detection
Security vendor Trend Micro said the erosion of public trust in technology firms, mired by leaks about state-sponsored monitoring, will result in a variety of efforts to restore privacy. Some security firms predict the continued sluggish adoption of cloud computing, with some firms stalling on migration plans. Other security experts predict that businesses will focus on insider threats to ensure processes are in place to spot malicious behavior as well as employee errors that lead to data leakage.
Executives at Cisco Systems, Juniper Networks, McAfee and Symantec see increased adoption of encryption. Security experts in the field say some firms may need to assess whether their current encryption deployment is properly configured and maintained. Attackers can often find and bypass poorly deployed encryption schemes.
5. Malware Writers Get More Crafty
Some security firms are predicting that malware writers will copy the success of Cryptolocker with additional ransomware attacks in 2014 that lock victims out of their files and then attempt to extort payment to unlock them.
Other firms see more widespread attacks with increasingly sophisticated malware. Security vendor Sophos predicts a new wave of powerful exploit kits that can help less savvy cybercriminals carry out sophisticated attacks. Security firms point to Redkit and Neutrino, two strong automated attack toolkits that are taking the place of the notorious Black Hole exploit kit, as a sign that the onslaught of attacks will continue.
Security vendors say modern malware is increasingly using stronger encryption and other ways to thwart detection. Malware is being coded with evasion techniques that mimic system processes or execute only when a mouse button is clicked. It can also detect file analysis environments and remain dormant to fool automated platforms from FireEye, Lastline, Palo Alto Networks and others.
4. Basic Hacking, Targeted Attacks Will Reign
One vendor is betting against an increase in sophisticated malware. Websense said its research indicates some cybercriminal gangs are turning away from the use of high-volume, advanced malware because over time it runs into a higher risk of detection. Websense predicts an increase of smaller-scale, targeted attacks designed to steal user credentials to gain initial access to the intended target. Researchers at security firm Trusteer, recently acquired by IBM, point out that smart attackers will revert to old-school hacking techniques to bypass many of the advanced detection mitigation technologies currently on the market. Trend Micro and other security vendors point to an onslaught of targeted phishing attacks and watering hole-type attacks as a sign that most cybercriminals are intent on getting their hands on account credentials. Focusing on developing secure software, patching endpoint systems and devices and eliminating configuration weaknesses could help greatly reduce the risk of a serious security incident, say experts. See the first prediction in this list.
3. Mobile: What Deserves Protecting?
Most security firms predict the continued rise in Android malware and other mobile attacks targeting smartphone and tablets devices. To address mobile threats, security experts say businesses will adopt new ways to protect corporate data on the devices. Rather than protecting the entire device, the focus will be to access control, encryption and other measures designed to govern how employees use corporate data in popular mobile applications.
Predicted threats include a rise in man-in-the-middle attacks designed to intercept mobile banking and payment transactions. Also being predicted is a new breed of weaponized mobile apps that could mimic legitimate applications, but they target back-end processes to evade detection. And removing malicious apps won't be as easy as uninstalling them.
2. Attacks Could Get Destructive
Experts at managed security services providers told CRN that they had to wipe entire systems at some small and midsize businesses as a result of a Cryptolocker ransomware infection. Some security firms predict 2014 will bring a new wave of destructive attacks -- not the kind of attacks that some have warned could bring down critical infrastructure, such as power grids and chemical refineries, but instead hacktivist group attacks that are designed to spread quickly through a corporate network and wipe data. The malware could also be coded to seek out cloud-based and networked backup systems.
The Shamoon attack against Saudi Aramco in 2012 wiped out about 30,000 of the firm's workstations, crippling its operations for at least a week. This style of attack could be repeated by a group intending to make a statement, security experts warn.
1. Collapse Of The Internet
Alex Gostev, a security researcher at Kaspersky Lab, warns that the NSA surveillance revelations could cause the Internet to break up into "national segments," which would have serious consequences for the security industry. Kneejerk reactions by lawmakers in some countries to limit foreign access to data inside their boarders could lead to technical problems and ultimately widespread system failure, according to Gostev.
Other prominent security experts have also warned of the potential for problems. Huawei Technologies U.S.A. CSO Andy Purdy told CRN in October that he believes the potential exists for new laws requiring restrictions in different countries that could hamper adoption of new technology and hinder global commerce. Purdy, the former acting director of U.S. CERT's national cyber division and former White House advisor on critical infrastructure protection, said new government restrictions being considered in various countries can complicate an already difficult regulatory environment for multinational companies.