For 2015 years of network security, there is need to focus on these issues
On February 4, according to foreign media reports, information security and privacy seem to be forever a hot topic over the past few months there have been a number of high profile cyber attacks and atrocities, leading centers around the world again focused around the topic of data protection, encryption, privacy, and control. These headlines events involving Governments, enterprises and other organizations, families and individuals of data breaches. Network security issues recently on one of the most prominent platforms in the world today–United States annual State of the Union address, United States President Barack Obama says: “no State or hackers you should shut down the network, stealing business secrets or violating United States family privacy. We are ensuring that government intelligence agencies to combat cyber threats, just as we fight against terrorism. Tonight, I urged Congress to pass a Bill in order to better combat the growing cyber-attacks and identity theft, protecting children’s privacy. If we do not take action, our country and our economy will be threatened. But if we do something, we will be able to continue to protect the benefit of the people of the world’s science and technology. ”
Those illegal stealing online information the hackers tried to protect information and communications security are in an arms race. Every year various hacker attacks, increasingly evolving network leads the security industry efforts to use existing tools to resist attacks while collecting intelligence on new threats. User is also part of the problem, they are careless or malicious hackers from taking advantage of network behavior, or lead directly to network vulnerabilities.
2014 top security vulnerability
According to leading provider of email and network security solutions for AppRiver, the following are United States 2014 years some major security holes:
This is not the full list, but obviously becoming more organized cyber criminals steal vast amounts of confidential data from enterprises and other companies. When a security vulnerability, and companies or organizations worried about is not losing valuable/sensitive data, but the brand or reputation suffered huge losses, which will require a great deal of time and money to fix.
In 2014, the network’s highest-profile attack was in November, Sony Pictures Entertainment (Sony Pictures Entertainment, hereinafter referred to as Sony Pictures) call themselves “defenders of peace” (Guardians of Peace, referred to GOP) hacking and theft of company data. Stolen 100TB data contains employee information (allegedly contains 47,000 copies of the social security number). Sony Pictures was hacked was also a political factor, because GOP hacker group asked Sony Pictures to cancel release film of the assassination of Kim Jong-UN, the latter is a comedy film about plot to assassinate North Korean leader, Kim Jong-UN. Despite GOP hacker group’s identity remains a mystery, but the United States Government points the finger at North Korea, but the latter refused to recognize hacking-related.
2015 safety prediction
Vendors, analysts and pundits from the beginning of each year to predict network security in the next 12 months. Although some people have “talked about” this topic with interest, but it cannot be denied that security and privacy are businesses, organizations, individuals, and an important part of the Government agenda. So we investigate prospective article published 17 organizations and 130 predictions will be divided into the following categories:
First in my list is “new attack vectors and platforms” and “evolution of the existing network security solutions”, these two types of reality shows network security arms race. In the first category, many commentators stressed the “new vulnerabilities in widely used older code” (Kaspersky Lab), such as Heartbleed/OpenSSL and Shellshock/Bash, and Sophos enterprise mobility management market leaders indicate that the IPv6 protocol in the rootkit vulnerabilities as well as rich UEFI boot environment and the bot might produce new attack vectors. Apple is a major new platform marked, for example, FireEye think “Apple growing enterprise footprint means that malware authors will adapt their Toolbox.” recent sales figures for Apple products will only fuel the hackers “mouth watering”.
Most forecast belongs to second class (“existing network security solution programme of evolution”), including Immuni Web of views: if alone using or no artificial intervention “Automation security tool and solution programme will no longer efficient”. global network security equipment supplier Fortinet think hacker will avoid sand box technology, and through “in attack in the joined not related content hinder survey who or deliberately plant not related of hacker” to transfer survey who of attention. While Internet data centers (IDC) analysts predicted “by 2017, 90% of enterprises endpoint is to use some form of hardware protection in order to ensure the integrity of enterprise” and “by 2018, purchased separately by the 25% safety applications will be integrated directly into the application.”
Several predictions types are identified specific new attack types and platforms, especially the Internet, mobile technologies, social networks, data and analysis, cloud services, retail terminals and payment systems, Web technology, open source software, third-party attacks and malicious ads. It shows as connected to the world via the Internet as a whole, increasing opportunities for hackers, for instance, recently discovered in a weakness of Linux-based control software can hijack the drone (and unmanned).
In the third category of IoT, and integrate Web, Websense data security solutions provider and information points out that “your refrigerator is not an IT threats, industrial sensors. “In other words, cyber criminals are more likely to attack the automation industry, such as power generation and oil and gas extraction in the M2M communication, rather than trying to” melt your butter or boiled milk in the fridge. ” Sophos agrees that represents “the gap between ICS/SCADA and real-world security is only going to get bigger. “The IoT in the other end of the bar, market-research firm Forrester predicted 2015” a wearable device data exposure stimulates the Federal Trade Commission, FTC take action “– and those who want to implement based on wearable devices for health projects, enterprises should think again.
Many commentators said the fourth of these mobile platforms will increasingly attract the attention of hackers and cyber criminals, particularly now that mobile payment systems, such as Apple Pay has become increasingly mature. Websense also thinks hackers will target mobile device, “not only to break the phone passwords and steal data from the device, but also as a medium to get an increasing number of devices in the cloud storage data resources”.
Social networking is another focus of hackers increasingly, as corporate global information security protection technology firm BigCoat says: “attack tools will receive information from social networks and a better approach to personal attacks. Most targets have a certain social context, which increases effectiveness and simplicity. Hackers will use their understanding of the targets for access to critical systems and data. ”
As far as data and analysis, Varonis Systems commercial software vendors warn salami attack (only steal a small proportion of their assets at a time) the rise of “even after encryption or anonymization, through social networking, credit card transactions, Web cams and digital footprints collected large amounts of data can be put together into a complete picture of a frightening. This threatens not only individuals or threatened governmental, corporate and business partners … In 2015, an important data initiative will be hindered by salami attack. “another positive aspect is that the United States software company, Symantec forecast” machine learning will become a game-changer to fight cyber-crime. ”
Network security cloud services is the next battleground, Varonis Systems that “cloud and infrastructure as a service (IaaS) companies compete on their ability to manage and protect data with each other, while providing customers with productivity-enhancing features … Does not provide the same level of access control, data protection, and increase the productivity of companies will not be able to access the customer’s most critical data. “Meanwhile, IDC believes that the security software itself should be entered:” enterprise security software as a service (SaaS). At the end of 2015, 15% of safety and security will be provided by SaaS, and by 2018 it will be 33%. “
Several commentators noted that 2014 retailers face a large number of high profile attacks in 2015–a trend that is expected to continue: “hackers target the retail ATM machine (Kaspersky Lab)”; ” Retail vulnerability–2014 years is just tip of the iceberg “(Damballa). Therefore, Forrester predicted “2015 retail security budget will more than double.” 2015 forecast of other new attacks, including third-party open source software and vulnerability, connection or infected with malware such as supply chain of advertising (malvertising).
High profile security vulnerabilities will continue to become a hot news in 2015 (“significant data breach will lead to network security issues continue to be of concern”-Symantec). However, Websense is particularly concerned about the health of the data, this is mainly taking into account “without any type of record can contain detailed personally identifiable information (PII), which can be used for a series of subsequent attacks and other types of fraud.”
Safety of encryption and privacy still appear in the 2015 forecast. According to the BlueCoat, said encryption is a double-edged sword: “the use of encryption will continue to protect customer privacy. Malicious software hidden after encryption to avoid detection of most companies, these companies trying to hide behind the privacy and security of employees find a balance between attacking. “such as Sophos, from a political perspective said:” with the intelligence service monitoring, and data breach disclosure, public awareness of security and privacy concerns grew so intense that encryption will eventually turn into a default state. Some organizations, such as law enforcement, and intelligence agencies may resent this, because they thought it would have a harmful effect on security. ”
Several forecasts is mainly regulation and net insurance commitment and Union. In terms of security breach notification laws, Varonis Systems emphasized the Middle-Atlantic divide: “data in the EU will be safer (thanks to data protection regulations), but in the United States? “This issue once again stressed the forecast of Nephapsis,” a United States major EU companies will be involved in a data breach. “after the disclosure of customer information,” hundreds of millions of dollars in fines and prosecution, “led to the prospect of Forrester predicted” Internet insurance of $ 100 million will become the norm, “this view was supported by FireEye’s response.
Several commentators also refer to the evolution of the Organization’s security policy. FireEye that “fewer and fewer companies will run their own security operations center (SOC)”, enterprises should “shift from peacetime to wartime mentality”, while network security issues lead to IDC predictions “by 2018, 75% CISOs, Chief safety officers CSO and chief information security officer to CEO of the company, instead of the Chief Information Officer CIO reporting directly.”
FireEye and Damballa have also highlighted the high intelligence detection and prevention of stealthy cyber attacks, the two companies is committed to providing professional solutions in this area. FireEye think enterprises shift their money into “advanced monitoring, response and forensics” Damballa say the second half of 2014 organization invests a “threat monitoring and response” and predicted that this trend will be renewed in 2015.
National sponsored and political driven of attack type also was some commentator mentioned: “hacker were will sat in computer Qian carried out new of network war” (Websense); “spy software (espionageware) of rise” (BlueCoat); “network spy attack will will continues to and to more high frequency occurred” (McAfee); “to political revenge for purposes of hacker will will attack General citizens” (Neohapsis) ; Websense reminded cyber warfare/terrorism will be more dominated by so-called non-affiliated individuals, who has nothing to do with the Government, but do support the slogan of nation States.
Ransomware (Ransomware), a hacker used to hijack the user’s assets or resources and as a condition of extorting money from users of malware, is expected to be in the future with greater range and higher frequencies appear. BlueCoat predicted Ransomware will charge more to the infected user. Lancope believes that future Ransomware inflated Symantec fraud is expected to continue to develop the software for purposes of extortion; McAfee was considered extortion software attack tools, encryption method, and the target on the user’s choice is more intelligent.
Prediction of remaining types, including biometric and multi-factor authentication, cyber crime and cyber security skills, surprisingly is mentioned only once, Sophos said the “global skills gap will continue to increase, including emergency response and education is the key focus.”
Prospect
About network security can be sure of one thing: the company is only relying on a firewall and anti-virus software to protect network security is not enough. Chief Security officers and chief information security officer needs to continue monitoring the evolution of threats, “if we are attacked,” turned into “when we were attacked” State.
Company’s social, mobile, data, services, and other digital strategy will face new attacks, the latter will continue to test the current network security toolkit-a firewall, antivirus, VPN, intrusion detection/prevention system, advanced threat protection, and so on. If this were not enough, you need to invest in new protective measures, skilled workers to operate them, and investment insurance.