Cybersecurity 2014: The Industry's Most Wanted Threats
By the late 1980s, standardization of TCP/IP protocols paved the way for modern Internet access, and it didn't take long for cybersecurity threats to emerge. In 1988, four men attempted a $70 million robbery from the First National Bank of Chicago by illegally transferring funds electronically. By the 1990s, NASA, Griffith Air Force Base and the Korea Atomic Energy Research Institute were all hacked in quick succession.
Although technology advancements have been rapid-fire ever since — from smartphones and tablets to the cloud and wireless networking — attacks have kept pace. With the new year in sight, it's a good time to ask: What are the top cybersecurity threats for 2014?
Top Threat #1: The Hacker Marketplace
Most worrisome is the developing hacker marketplace. According to a recent IT Business article, the market for effective software “exploit kits” has grown so quickly that some hackers are packaging the most dangerous versions together and selling them online to less-skilled troublemakers. And while the volume of malware is decreasing — which certainly sounds like good news — broad-spectrum attacks are simply being replaced with more focused efforts. Because businesses have become adept at detecting malware, spyware and ransomware, expect hackers to focus more on specificity than on size.
Ransomware is also getting an upgrade. For years, attackers have burrowed beneath company firewalls, stolen data and sold it to competitors, but the hackers have now found a way to cut out the middleman. Instead of taking and then auctioning off data, hackers encrypt company information and then charge a ransom to have it unlocked. If a business won't pay, data is destroyed.
Top Threat #2: Inside the Walls
Companies also need to take a hard look at internal issues for 2014. The bring-your-own-device (BYOD) trend continues to gain speed, but that comes with unique threats. For example, text-based malware attacks can steal contacts and send out fake messages to other users, infecting them as well.
Social media is also a prime target for hackers. In April of 2013, for example, hackers broke into an Associated Press Twitter account and then Tweeted about a White House bombing. The response? The Dow Jones Industrial Average dropped nearly 144 points. In addition, phishing messages, which were once the province of corporate and personal emails, are moving to Facebook and Twitter messages: When users click on a supplied link, their PCs or smartphones are compromised.
In fact, executives are prone to such phishing attacks, according to IT security vendor Websense, which released its own list of cybersecurity threats for 2014:
As social networking continues to appeal to the business community in 2014, attackers will increasingly use professional websites, such as LinkedIn, to research and lure executives. This highly targeted method will be used to gather intelligence and compromise networks.
Top Threat #3: Accidental Backlash
To combat these threats, some companies (and governments) are taking the fight to hackers rather than waiting. The problem? In the coming year, intelligent hackers will get better at masking their location and actively direct companies to legitimate web hosts or Internet Service Providers (ISPs). If this kind of “offensive security” ends up taking down a competitor's server or a government website, there will be serious repercussions.
Fighting the Good Fight
So what can companies do to deal with emerging security threats? The federal government is making a monetary commitment: According to a recent Department of Justice budget request for 2014, the DOJ wants $92.6 million more than last year for cybersecurity. Additionally, the FBI is allocating $86.6 million to hire new special agents and computer scientists in support of its Next Generation Cyber Initiative.
For the private sector, protection lies in Big Data and collaboration. Using the right analysis tools from trusted vendors, companies can identify likely attack patterns, helping to flag suspicious activity before it causes major damage. In addition, a PwC survey found that 82 percent of global leaders have already started collaborating with other companies to combat cybersecurity threats — open security discussion lowers the time needed to develop effective countermeasures and lets businesses get the jump on hackers, who often depend on the market's penchant for privacy.
2014 brings a number of new cybersecurity threats to the table, along with upgrades for existing attacks. Awareness is the first step in prevention; analysis and collaboration are critical for long-term success.