1. BYO devices
Despite a plethora of stories being written about the threat of bring your own (BYO) technology, some CSOs are yet to implement strategies to prevent employees from unintentionally placing their workplace at risk by using their smartphones and tablets.
While taking a more mobile approach to work has clear benefits, the risk caused by devices not being secured properly can outweigh these. Check Point commissioned a piece of research with over 850 IT professionals across the US, Canada, UK, Germany, Australia and New Zealand last year which found that 78 per cent of businesses reported there were more than twice as many personal devices connecting to a corporate network compared to two years ago, with 63 per cent saying they thought this trend was related to an increase in security incidents.
2. Cloud computing
Cloud computing is one of the most significant technological trends we have witnessed and has the potential to change the very way we work. It is, however, important to ask a number of questions before jumping into the cloud to minimise your security risk. Organisations need to carefully consider what kind of cloud environment they want to adopt whether it’s a public cloud, private cloud or a hybrid model, taking into consideration that there is no ‘one size fits all’ approach. There will also be security regulations that some companies must work within and a requirement to adopt best practice, so it’s imperative to ensure that all due diligence is done before taking the plunge.
3. Employees as the new targets for hackers
With security software becoming more complicated in order to keep up with threats, hackers will take aim at employees; making them the next big targets of cyber crime attacks.
Socially-engineered attacks will provide a new inroad for hackers wanting to target organisations, being able to access sensitive information about employees from social networking sites like Facebook in just a few minutes. Hackers are then able to use this combination of sensitive data to target employers. Because the concept of social-engineering is based on using information that is customised to target an individual rather than a business, it can appear more legitimate; therefore increasing the level of damage it is able to do.
Making sure your employees are aware of how their actions online could be used against your business is vital. Updating security policies and procedures regularly and controlling application usage in the workplace where necessary are all positive steps you can take.
4. The changing face of hacking
Forget about the amateur hackers of the 90s – Check Point believes that today’s cyber criminals are no longer isolated, thrive on collaboration and are part of well organised groups. This combination of money, motivation and goals is a dangerous one which means hackers can spend considerable intelligence, time and resources on executing botnets attacks; costing businesses millions of dollars in profit.
Generally, hackers will not attack a target unless it’s worth the time – and won’t go to the trouble if the incident can’t be monetised. While financial information is not the only valuable data worth stealing, cybercriminals tend to look for general customer information and less for specific billing or credit card data. Such information can be very lucrative for hackers, enabling future attacks or spam campaigns.
5. The evolution of botnets
Last but certainly not least is the threat of botnets, which are set to keep CSOs on their toes this year. Compromising anywhere from a few thousand to well over a million systems, botnets are used by cybercriminals to take over computers and execute illegal and damaging activities like stealing data, gaining access to unauthorised network resources and initiating Denial of Service (DoS) attacks.
While botnets of the past predominately targeted machines running Windows, 2012 will be the year when they evolve thanks to social engineering and zero-day exploits. Taking advantage of the proliferation of mobile devices and social networking, new botnet variants will be cross-platform and companies can expect to see more Apple, Android and other mobile based botnets pop up where they communicate to Command and Control servers (C&C) using via 3G or Wi-Fi networks.
Making sure your anti-virus protection is up to date is a sure fire way to protect your business against botnets. Last year we announced the development of new technology that prevents the damage of botnets by blocking communication between infected hosts and remote operators. Implementing procedures like these will help protect your business against the latest breed of botnets.