While attackers have traditionally used indiscriminate tactics, such as malware, to mine for information, Websense believes they will begin to use targeted attacks in the coming year. Although the decrease in malware at first sounds like a positive prediction, the company cautions that targeted attacks can be more dangerous because they are more difficult to detect.
It has also predicted that a major data-destruction attack will occur in 2014.
“Right now, you have politically-motivated groups that are mostly just trying to get their name out there and to create awareness,” Watson said. “They’ve done that by compromising sites like Twitter, or hijacking accounts, the New York Times, things like that. I think people are getting increasingly aware, and even starting to tune out when those types of attacks happen.
“The prediction we made about major data-destruction is based around these politically-motivated groups that are trying to make a statement, to remain in the public eye. It absolutely is possible to destroy data, and that definitely grabs public attention when it does.”
Among the predictions was the assertion that attackers will be more interested in the cloud than traditional networks in the coming year. Businesses are increasingly placing critical data in the cloud, and this presents a golden opportunity for attackers to mine for information – especially because there are fewer security controls for the cloud than there are on traditional networks.
Java will continue to be vulnerable in 2014, as organizations neglect to patch or update their software despite reports of numerous successful exploitations in 2013. Websense encourages companies to either patch their applications or simply uninstall Java when it’s not in use.
The predictions report also touched on the use of social media in attacks, although the company notes that adversaries will turn their focus to LinkedIn rather than Facebook and Twitter in 2014.
“LinkedIn and things like that are a goldmine of information for attackers to learn about inherent trust relationships between businesses,” said Watson. “What they’re taking of advantage in those types of attacks is people, so I recommend security awareness programs to train [employees] to think twice before opening an executable that comes in an email.”
The report – and Watson’s recommendations – highlight the fact that traditional security software is no longer enough to protect data from adversaries. It still has its place in enterprise security, of course, but executives must build a more complete, end-to-end solution that defends every gateway an attacker could use to access company information.
“Companies need to evolve how they look at security,” Watson said. “It’s not boundary protection anymore. Instead of this big focus on protecting infrastructure and creating a wall that no one can get through, the important thing is to identify where data is in the network and place protection mechanisms to keep that from being stolen.”
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…