It seems as if whenever IT security experts get a handle on one threat to their companies’ data security, a new, more dangerous and potentially devastating one pops up in its place. Staying one step ahead of cybercriminals is crucial to protecting sensitive networks and data, and experts are already predicting the biggest threats to cyber security for 2013 and developing solutions. As you make your plans for the coming year, consider the following very real threats to your organization.
Attacks on Cloud
Cloud computing has revolutionized the way we do business, allowing employees to work from anywhere and share resources; however, using a cloud also presents a new set of security risks. The potential for data breaches via cloud has increased exponentially as more organizations turn to the flexible networking that it offers. Cybercriminals are constantly looking for ways to exploit cloud, meaning that IT security needs to be on their toes, incorporating the latest security measures, including encryption, controlled access and up-to-date virus protection and firewalls to protect valuable data.
As more and more people switch to smartphones — and use them for business — more and more criminals are looking for ways to attack them. The most common means of mobile attack has been the nefarious app, either downloaded from an unknown source, or sold by a reputable source unaware of the apps malicious content. One of the major issues among apps is the level of permissions it requires to operate; users often download and install apps without realizing the level of access the app has to the data on the phone — including data that it doesn’t need. Companies allowing BYOD need to develop comprehensive policies that will protect their networks from attack via mobile malware; these policies might include acceptable-use policies, an MDM plan that allows for remote locking and wiping of devices, encryption and restricted access to company networks via mobile devices.
New Types of Malware
Although there are plenty of forms of malware that can wreak havoc on your business’s network and data, two new types have security experts looking for new ways to combat them. For example, Ransomware holds a computer hostage until the user pays for the functionality to be restored. When a user encounters this type of malware, the program locks the computer, and displays a screen with a message purporting to be from some branch of law enforcement, claiming the machine is frozen because the user accessed illicit material.
Madware is a more aggressive form of the adware that has plagued users for years, and it primarily targets mobile users. Often downloaded with legitimate applications, the madware makes changes to the user’s device such as adding icons, changing browser settings or creating pop-ups. At best, madware is annoying, but it could present potential security risks, especially for those in a BYOD environment; the madware could collect and transfer information about the device and its user to cybercriminals.
Again, protecting against these new threats involves installing and maintaining up-to-date antivirus and anti-malware protection on both computers and mobile devices, and user education on how to avoid the threats.
Global Supply Chain Issues
Because many of the systems used by businesses today are constructed in whole or in part overseas, many are worried they could come equipped with built-in security vulnerabilities — and users will not know until it is too late. The issue is exceedingly difficult to address, given the complexity and expense of constant monitoring, so IT security teams remain challenged to identify and protect against potential vulnerabilities.
As we head into the new year, it’s up to security professionals to find the holes in their network security and address them before they lead to data — or financial — loss. Developing a robust security plan and policies will help keep your organization safe against these new threats — and those that are sure to arise in the future.
About the Author: Sandra Bickford is an IT security expert who works for a major security company identifying online threats and developing solutions. She uses Trend Micro security solutions to inform IT professionals as well as laypersons on important security concerns.