Will IT Security be tougher in 2015?
“The IT industry seriously needs to up its security to stay ahead of the game!”
As we predicted around this time last year, 2014 saw more high-profile targeted attacks, motivated by stealing information, making a statement and permanently destroying sensitive or valuable data. Analysts at Hold Security startlingly announced in February that they had managed to obtain a list of 360 million account credentials for web services from the black market, after just three weeks of research. Criminals are stepping up their game, and data breaches are becoming both common and devastating. According to research from Arbor Networks, the number of DDoS events topping 20Gbps in the first half of 2014 was double that of 2013, with more than 100 attacks at 100Gbps or higher recorded in the first half of the year. So it looks increasingly likely that 2015 is in for even more security hacks!
Last year we saw some notable cyber attacks on companies, such as:
- eBay went down in a blaze of embarrassment: in May it revealed that hackers had managed to steal the personal records of 233 million users. The hack took place between February and March, with usernames, passwords, phone numbers and physical addresses compromised. Hackers successfully stole eBay credentials and managed to gain access to sensitive data.
- The Sony Pictures Entertainment Cyberhack was a release of confidential data belonging to Sony Pictures Entertainment on November 24, 2014. The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of unreleased Sony films, and other data. The hackers called themselves the “Guardians of Peace” or “GOP” and demanded the cancellation of the planned release of the film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un.
In 2015 the cyber security landscape will continue to evolve rapidly and attacks will increase in number and sophistication, from a wider range of threat actors than ever before. One constant, however, will be that spending money on the wrong cyber defences will continue to result in cyber attacks causing real damage. The constraining factor previously was that the people with the intent to conduct widespread and high-impact cyber attacks – the activists and the criminals – did not have the capability. This may not remain the case for much longer.
Mistakes your organization cannot afford to make this year
With limited resources, it is not possible to protect every asset against every threat. The key for an organization is to understand which threat actors are targeting it, what the organization's key assets are and how to protect them. Cyber defence needs to be intelligence-led, risk-based and prioritised – it is not a compliance exercise.
- Failing to build cyber defences around a granular understanding of threat. Any cyber defence programme should be intelligence-led. That includes collecting operational and strategic information that helps the organization understand the specific nature of the threat. It is a good idea to look across the company for weaknesses among employees and suppliers, where vulnerabilities can often be found. The attacker will always exploit the weaknesses!
- Failing to identify and protect the organization's most important assets. Organizations need to focus budgets on prioritising protection. Many focus excessively on ensuring organization-wide compliance with standards, without effectively protecting their most important assets.
- Lastly, lacking the technical defences to deal with advanced persistent threats. Through 2015, an increasingly broad group of highly capable actors will target those critical assets across a wide range of organizations.
These are just a few of the mistakes companies can make when they overlook just how critically important their network security really is. Take notice of last year's eventful hacks and start 2015 as you would any other year, with a New Year's resolution: toughen your network security!