Security Threats Predictions in 2015

Article by Rishikesh Kamat



Let me start with a note on the security threats that a business enterprise faces as it enters a new year. The previous year has witnessed an increase in the number, complexity and sophistication of attacks on enterprise security. DDoS and APT are looming dangers to enterprise security, no longer manageable from within the security infrastructure of an organization. These, coupled with mobile malware (despite BYOD strategies) and the adoption of disruptive technologies like the Internet of Things (IoT), are proving to be persistent threats to the enterprise IT architecture.

However, the situation is not as bleak as it seems. If the incidence of these threats is rising, security providers too are gearing up to take on these threats head-on.

A Coordinated, Collaborative Approach to DDoS Mitigation

Stopping modern-day DDoS attacks requires the collaboration of enterprises, governments and in-cloud managed security service providers. To help facilitate collaboration and address this complex, growing problem, Arbor Networks created the Cloud Signaling Coalition (CSC).

The Cloud Signaling Coalition is an innovative industry initiative that facilitates communication and information sharing in order to solve real-world problems, namely, denial of service attacks that threaten the availability of data center resources.

In the year 2015, we will see a trend towards threat mitigation moving into the cloud

The increasing volume and complexity of DDoS attacks over the past few years are making it vital for business enterprises to build capacity for mitigation. The industry is now building capacities to move mitigation of DDoS attacks through the cloud. Interestingly, providers such as Arbor and Prolexic are in the process of building capacities to be able to absorb the huge volumes of attack traffic.

What this essentially means to the enterprise is that traffic will need to be routed outside the local geographies, leading to a slew of concerns on data privacy and control. Unfortunately, organizations will not have much choice but to adapt to this reality – and 2015 will pave the way for an increasing trend towards this move.

Similarly, Advanced Persistent Threats (APTs) are increasing in complexity, requiring analysis that needs high compute power and federation of multiple sources. For an enterprise IT setup, detection of APTs may be difficult with existing resources, but the cloud offers a way out here. Service providers and OEMs are building sandboxing capabilities in the cloud that allow customers to throw malicious content into the cloud for analysis and reporting.

Internet of Things (IoT) Introducing a New Slew of Threat Vectors

The Internet of Things (IoT) has been around us in some form or the other, and under different names, for many years. However, this lesser-known faculty has gained prominence in recent times. IoT essentially means the ability to connect everyday things around us and remotely manage an incalculable number of connected devices using the Internet, and it is fast becoming pervasive. As we become increasingly reliant on intelligent, Internet-connected and automated devices, a huge threat looms over us – how do we protect billions of devices from intrusions and interference, which could soon become the biggest threat to personal as well as enterprise security?

The general level of security of smart devices is not up to the mark. There is a larger threat vector for malicious entities to exploit. The range of attacks can be from as simple as hijacking the IoT devices for launching other attacks, or it could be as severe as hacking the devices themselves to carry out malicious activities. According to a Forrester Research report on IoT Security issues, "Privacy and security concerns are one of the top five challenges for internal stakeholders in 21 percent of firms".

(Source: Forrester Research on IoT Security issues in October 2014)

And we are of the opinion that 2015 and beyond will see a bunch of organizations changing their focus to secure these billions of intelligent and interconnected devices.

Mobile Malware will Represent a Persistent Threat in Spite of BYOD Measures

A good 10 years back, a malware called Cabir first infected Symbian feature phones. Since then the floodgates of mobile malware have opened, making it a top security threat for devices. And there are valid reasons for it too!

With more and more users merging their professional and personal mobile experiences onto a single device, any malicious content downloaded during personal use can find its way to the corporate network when the device is connected in the office. Existing BYOD measures will have to be further enhanced to ensure that any malicious content is kept out of the corporate network. In the near future, given the nature of targeted attacks as well as the lack of security awareness of end users, this will continue to remain a challenge.

As security threats continue to evolve, so will the measures to counter them. 2015 will see the notion of security being a secure platform – rather than a series of point products or devices on the network – gaining traction. The expectation of security professionals will be to deliver a secure platform that allows the business to confidently run multiple applications in a secure environment.

The concept of cloud with its pay-per-use model will play a significant role in endpoint security. The coming year will be an exciting time for IT security experts, in which they will have to not just prevent but also predict the kinds of security threats and take measures to mitigate them.