The year 2012 saw growth in targeted attacks that succeeded in disrupting service and fraudulently obtaining significant amounts of intellectual property. Experts say 2013 is likely to see significantly more targeted attacks and targeted malware. This type of attack is more difficult to protect against.
McAfee presents its top 10 enterprise security predictions:
Targeted attacks: Uniform attacks are still out there, but as soon as they are identified and a security fix is released they are no longer effective. One disturbing development in this trend across 2012 was that we started to see more targeted attacks that also destroyed evidence of the attack afterwards, and we are likely to see this continue. We have seen attacks where 30,000 hard drives were left non-operational after an attack. Dealing with the clean-up distracts the IT administrators, who don’t immediately realise they have been hacked. It also adds to the difficulty of ensuring effective incident response, as hackers literally attack any hardware on the way out. Protecting against this will be a major challenge – particularly for enterprise and government.
Signed malware: Signed malware was prevalent in 2012 and this is likely to continue. Signed malware arises when a hacker obtains a digital certificate from an organisation and uses it to sign malware, allowing the malware to pass through an organisation’s operating system. Stuxnet is a high-profile example of this threat. There will be a large increase in this type of threat and it will be harder to stop because it appears more legitimate.
Big business at risk: Enterprises can be at a higher risk of an attack as there is often a greater attack surface and more ‘visibility gaps’ in their security posture. With targeted attacks on the rise, the motives to target a large enterprise are often greater than for a smaller organisation.
Non-Windows attacks: We suspect non-Windows attacks will continue to increase in 2013. Android devices are now the highest selling mobile devices in the Asia Pacific market and hackers will take advantage of that by developing mobile malware. Consumers aren’t the only ones at risk of mobile threats. Enterprises, particularly those embracing Bring Your Own Device (BYOD), are also at risk. Interestingly, the mobile malware growth rate is similar to what we saw for Windows malware some time ago, which shows it is a genuine threat. McAfee’s Q3 Threat Report for 2012 showed mobile malware almost doubled when compared to the previous quarter’s numbers.
Ransomware: This will also be prevalent in 2013. Ransomware works by encrypting files on a victim’s computer, which can only be unlocked by paying the criminals a ‘fine’. It has been a big issue in other countries around the world in the past.
Impact of changing regulations: The Indian banking regulator (RBI) has generally been proactive in advising banks on issues relating to security and has acted as an important institution to drive the importance of this matter at the level of the Board of Directors. In the Reserve Bank of India report released in January 2011, the regulator acknowledges that, given the increasing reliance of customers on electronic delivery channels to conduct transactions, any security-related issues have the potential to undermine public confidence in the use of e-banking channels and lead to reputation risks to the banks. The regulator has institutionalised a whistle-blowing system by means of a quarterly assessment of all banks towards their progress on these guidelines in the AFI (Annual Financial Inspection) cycle 2011-2012. To conform to these guidelines, financial services organisations in India will need to demonstrate compliance with RBI regulatory mandates, which include data protection, event collection and analysis, endpoint controls, and related security measures.
Need for incident response: In 2013, I expect organisations will have to review their processes for dealing with a targeted attack. If the organisation falls foul of a targeted attack or Advanced Persistent Threat (APT), they will need to adopt a process of incident response, and many organisations don’t necessarily have the technologies in place to ensure timely investigation and remediation is possible. As such, solutions providing incident response capabilities will become a security infrastructure priority for many organisations over the next year.
Security Process Automation: Interestingly, many organisations’ cyber security function is one of the only IT functions that have not yet leveraged the speed, visibility and comprehensive capabilities provided through automation. With an increasing number, variety and complexity of the threats faced by organisations, many security technologies still require significant hands-on management. We expect that IT managers will have to embrace security automation in order to keep up.
Connected devices: We also anticipate the growth in number and variety of new connected devices will provide additional gateways for hackers to access personal or business networks – these ‘connected devices’ include connected homes and connected cars. While the home or car may not be hacked, they are used as a vehicle to access other networks.
Bring Your Own Application (BYOA): With BYOD comes Bring Your Own Application, where many employees are now downloading apps within the organisation. As a result, IT administrators are losing control of what tools and applications are used inside the enterprise, and business users (often lacking an understanding of the potential security risks these applications can pose) are becoming their own system administrators. There are many examples of apps that transmit information with no security, apps that leak sensitive information, through to apps that are malicious and place the user and the information at risk.