With 2013 around the corner, it is time for IT security people to reflect on what has been, gaze into their crystal ball and predict what is yet to come. Below are network security vendor Stonesoft’s six predictions around the threats that we will be seeing in 2013.
“I believe in 2013 the security of the digital world will become even more dominant. It is the security trend which is growing most rapidly at the moment and its importance will just continue to grow in the future. This means there is also an increasing need and pressure to think about international norms, rules and regulations,” says Jarno Limnell, director of cyber-security at Stonesoft.
“As nation-states continue to invest heavily in cyber capabilities (defence and offence), it is also likely that they will be more inclined to use these capabilities and the use of “cyber force” in the world will increase. This may have severe consequences – in particular with regard to unpredictable side-effects. A single attack can spread rapidly around the world, even by a mistake. There is a myriad of players who are investing immense resources to change the cyber reality,” Limnéll adds. Stonesoft predicts:
1. The world will experience more targeted cyber-attacks. The development of highly sophisticated malware by state-sponsored organisations has the potential to radically affect the speed at which the wider threat landscape evolves. Cyber threats will become more unpredictable than ever before.
2. Espionage by nation-states will continue to rise. In 2012 we saw botnets and malware silently send the whole contents of the user’s hard drive to a control machine. This will continue to be a problem in 2013. The protection of critical national infrastructure will continue to be an extremely important aspect of cyber security.
3. Hacktivism will grow and become increasingly relevant and dreaded – in particular, it will become more aggressive and its means and impact will become more powerful. At the same time, the role of non-nation players will become more important, in particular with respect to expertise, not just resources.
4. We will see even more advanced evasions techniques (AETs) being used against organisations and governments. As security technologies and the overall capability to catch cyber criminals and hackers improve, they will invest their “R&D” resources in developing increasingly sophisticated and stealthy attack delivery technologies to improve their ROI. The most worrying part of this is that current security technologies are not capable of stopping AETs and the targets will remain unaware that they have been attacked.
5. In 2012 we heard about a lot of vulnerabilities in closed source enterprise applications such as Oracle, SAP and SCADA. These applications contain business critical data and are highly valuable targets for intruders. This will continue to be a problem in 2013.
6. Android will continue to be targeted by hackers. The platform provides an attractive environment for malware and hackers will take advantage of this.
It is likely we will see the first global consumer brand go bankrupt as a consequence of a cyber- attack that ruins its reputation and customer confidence.
Ville Hämäläinen, Director, R&D at Stonesoft, says: “As the cyber capabilities of various players around the world increase and we will see more and increasingly sophisticated targeted attacks, traditional security systems are no longer able to provide sufficient protection.
“To defend themselves against today’s cyber threats, organisations need to make the leap from traditional, reactive security against known threats to proactive cyber defence and offense capabilities and readiness against “unknown unknowns” in order to increase operational resilience.”
