As a security manager, if you thought 2012 was challenging, you have another thing coming in 2013. As per Jagdish Mahapatra, Managing Director, McAfee India & SAARC, in the coming year information security professionals will be tested on multiple counts what with increasing incidents of targeted attacks, signed malware, non-Windows attacks and ransomware. He lists his top 10 enterprise security trends for 2013. Here they are:
1. Targeted Attacks: 2012 saw an increased growth in targeted attacks that proved successful in disrupting service and fraudulently obtaining significant amounts of intellectual property. We expect Cyber Criminals will continue to use this method and as a result, in 2013, we are likely to see significantly more targeted attacks and targeted malware. This type of attack is more difficult to protect against. Uniform attacks are still out there but as soon as they are identified and a security fix is released they are no longer effective.
2. Signed Malware: Signed malware was prevalent in 2012 and this is likely to continue. Signed malware is present when a hacker obtains a digital certificate from an organization and appends it to malware, allowing the malware to pass through an organizations operating system. Stuxnet is a high profile example of this threat. There will be a large increase in this type of threat and it will be harder to stop because it appears more legitimate.
3. Big Business at Risk: Enterprises can be at a higher risk of an attack as there is often a greater attack surface and more visibility gaps in their security posture. With targeted attacks on the rise, the motives to target a large enterprise are often greater than a smaller organization.
4. Non-Windows Attacks: We suspect non-Windows attacks will continue to increase in 2013. Android devices are now the highest selling mobile devices in the Asia Pacific market and hackers will take advantage of that by developing mobile malware. Besides individuals, enterprises, particularly those embracing Bring Your Own Device (BYOD), are also at risk. Interestingly, the mobile malware growth rate is similar to what we saw for Windows malware some time ago, which shows it is a genuine threat. McAfees Q3 Threat Report for 2012 showed mobile malware almost doubled when compared to the previous quarters numbers.
5. Ransomware: This will also be prevalent in 2013. Ransomware is operated by encrypting files on a victims computer which can only be unlocked by paying the criminals a fine. It has been a big issue in other countries around the world in the past.
6. Impact of Changing Regulations: The Indian banking regulator RBI has generally been proactive in advising banks on issues relating to security and has acted as an important institution to drive the importance of this matter at the level of Board of Directors. The regulator has institutionalized a whistle-blowing system by means of a quarterly assessment of all banks towards their progress on these guidelines in the AFI (Annual Financial Inspection) cycle 2011-2012. To conform to these guidelines, financial services organizations in India will need to demonstrate compliance with RBI regulatory mandates, which include data protection, event collection and analysis, endpoint controls, and related security measures.
7. Need for Incident Response: In 2013, we expect organizations will have to review their processes for dealing with a targeted attack. If the organization falls foul from a targeted attack or Advanced Persistent Threat (APT) they will need to adopt a process of incident response and many organizations dont necessarily have the technologies in place to ensure timely investigation and remediation is possible .As such, solutions providing incident response capabilities will become a security infrastructure priority for many organizations over the next year.
8. Security Process Automation: Interestingly, many organizations cyber security function is one of the only IT functions that have not yet leveraged the speed, visibility and comprehensive capabilities provided through automation. With an increasing number, variety and complexity of the threats faced by organizations, many security technologies still require significant hands-on management. We expect that IT managers will have to embrace security automation in order to keep up.
9. Connected Devices: We also anticipate the growth in number and variety of new connected devices will provide additional gateways for hackers to access personal or business networks these connected devices include connected homes and connected cars. While the home or car may not be hacked, they are used as a vehicle to access other networks.
10. Bring Your Own Application (BYOA): With BYOD comes Bring Your Own Applications where many employees are now downloading Apps within the organization. As a result IT Administrators are losing control of what tools and applications are used inside the Enterprise and business users (often lacking in an understanding of the potential security risks these applications can pose) are becoming their own system administrators. There are many examples of Apps that transmit information with no security, Apps that leak sensitive information, through to Apps that are malicious and place the user and the information at risk.
As a security manager, if you thought 2012 was challenging, you have another thing coming in 2013. As per Jagdish Mahapatra, Managing Director, McAfee India & SAARC, in the coming year information security professionals will be tested on multiple counts what with increasing incidents of targeted attacks, signed malware, non-Windows attacks and ransomware. He lists his top 10 enterprise security trends for 2013. Here they are:
1. Targeted Attacks: 2012 saw an increased growth in targeted attacks that proved successful in disrupting service and fraudulently obtaining significant amounts of intellectual property. We expect Cyber Criminals will continue to use this method and as a result, in 2013, we are likely to see significantly more targeted attacks and targeted malware. This type of attack is more difficult to protect against. Uniform attacks are still out there but as soon as they are identified and a security fix is released they are no longer effective.
2. Signed Malware: Signed malware was prevalent in 2012 and this is likely to continue. Signed malware is present when a hacker obtains a digital certificate from an organization and appends it to malware, allowing the malware to pass through an organizations operating system. Stuxnet is a high profile example of this threat. There will be a large increase in this type of threat and it will be harder to stop because it appears more legitimate.
3. Big Business at Risk: Enterprises can be at a higher risk of an attack as there is often a greater attack surface and more visibility gaps in their security posture. With targeted attacks on the rise, the motives to target a large enterprise are often greater than a smaller organization.
4. Non-Windows Attacks: We suspect non-Windows attacks will continue to increase in 2013. Android devices are now the highest selling mobile devices in the Asia Pacific market and hackers will take advantage of that by developing mobile malware. Besides individuals, enterprises, particularly those embracing Bring Your Own Device (BYOD), are also at risk. Interestingly, the mobile malware growth rate is similar to what we saw for Windows malware some time ago, which shows it is a genuine threat. McAfees Q3 Threat Report for 2012 showed mobile malware almost doubled when compared to the previous quarters numbers.
5. Ransomware: This will also be prevalent in 2013. Ransomware is operated by encrypting files on a victims computer which can only be unlocked by paying the criminals a fine. It has been a big issue in other countries around the world in the past.
6. Impact of Changing Regulations: The Indian banking regulator RBI has generally been proactive in advising banks on issues relating to security and has acted as an important institution to drive the importance of this matter at the level of Board of Directors. The regulator has institutionalized a whistle-blowing system by means of a quarterly assessment of all banks towards their progress on these guidelines in the AFI (Annual Financial Inspection) cycle 2011-2012. To conform to these guidelines, financial services organizations in India will need to demonstrate compliance with RBI regulatory mandates, which include data protection, event collection and analysis, endpoint controls, and related security measures.
7. Need for Incident Response: In 2013, we expect organizations will have to review their processes for dealing with a targeted attack. If the organization falls foul from a targeted attack or Advanced Persistent Threat (APT) they will need to adopt a process of incident response and many organizations dont necessarily have the technologies in place to ensure timely investigation and remediation is possible .As such, solutions providing incident response capabilities will become a security infrastructure priority for many organizations over the next year.
8. Security Process Automation: Interestingly, many organizations cyber security function is one of the only IT functions that have not yet leveraged the speed, visibility and comprehensive capabilities provided through automation. With an increasing number, variety and complexity of the threats faced by organizations, many security technologies still require significant hands-on management. We expect that IT managers will have to embrace security automation in order to keep up.
9. Connected Devices: We also anticipate the growth in number and variety of new connected devices will provide additional gateways for hackers to access personal or business networks these connected devices include connected homes and connected cars. While the home or car may not be hacked, they are used as a vehicle to access other networks.
10. Bring Your Own Application (BYOA): With BYOD comes Bring Your Own Applications where many employees are now downloading Apps within the organization. As a result IT Administrators are losing control of what tools and applications are used inside the Enterprise and business users (often lacking in an understanding of the potential security risks these applications can pose) are becoming their own system administrators. There are many examples of Apps that transmit information with no security, Apps that leak sensitive information, through to Apps that are malicious and place the user and the information at risk.
Crazy Explosive 2017 PK Low
In
Add new comment