Advanced malware attacks now pose the greatest challenge for today’s security infrastructure and methods of protection.
We expect that security technologies will continue to improve at keeping out the bad guys, forcing them to dig deep and use advanced malware, targeted attacks and new attack vectors to try to circumvent existing protection methods.
Many malicious threats now home in on their victims, disguise themselves to evade defenses, hide for extended periods and then launch their attacks at any time.
Some of the trends we expect to continue to impact security include:
As the popularity of mobile devices continues to increase, cybercriminals are changing their tactics to target mobile platforms where consumers are less aware of the security risks.
Research indicates malware targeting Android-based devices has increased by nearly 500 percent since 2011. Given the lack of even basic visibility as to what is running on your mobile platform, most IT security teams certainly do not have the capability to identify potential threats from these devices.
Employee-owned mobile devices are increasingly being used to access the company’s systems, which can increase the potential of threats to the company’s network. Smartphones and mobile devices now carry a lot of data, which can be stolen should the device be misplaced or lost, putting the company’s data at risk.
The IT network management environment is only going to become more complex and challenging, both internally and externally – so businesses must ensure that they can see what’s happening at every moment before something happens that can put their organisation at risk.
Hackers continue to target social network sites as distribution hubs for malicious code. Examples of common approaches include enticing status updates on news feeds to get users to click on the links. These links provide an avenue for malware attacks to gain access to protected systems and information.
Devices that have access to the enterprise need to be routinely updated with the latest security programs. Enterprises need to understand what is running on their network in order to protect their digital assets.
Bring your own device
While laptops, tablets and smartphones are becoming our go-to devices, creating a boon for productivity, the bring-your-own-device (BYOD) movement is increasing the security risk to the corporate network and corporate data.
Employee-owned mobile devices that access corporate resources are outside of the control of the corporate IT function. As a result, it can be difficult to identify even basic environmental data for these devices, such as the number and type of devices being used, as well as operating systems and applications.
For most enterprises, the right solution isn’t to ban BYOD strategies but to implement BYOD policies that clearly define the proper use of employee-owned devices in the enterprise.
Chris Wood, regional director for Sourcefire in Australia and New Zealand.