We started off the 12 Days of IT SNAFUs by (horrendously) singing a little ditty about the 12 IT Nightmares of 2014 and now, as the year and this blog series draws to a close, we instead urge you to prepare for the influx of IT security issues coming your way. You may be well aware that this year was the worst for data breaches, but can your clients expect the same high volume of targeted attacks when they come back from the holidays? We've read and analyzed security prediction reports from ThreatTrack Security, Websense, Trend Micro, and more to bring you the top cybersecurity threats and trends to watch out for in 2015.
Make sure you don't drop the ball after the ball drops...
You read 12 Must-Know Cybersecurity Stats of 2014: IT SNAFU Day 5 and now, you're wondering what to expect in 2015. I'm not a fortune teller and I don't play one on TV, but I'd look out for...
1. Rise in Healthcare Data Breaches
Do you have clients in the healthcare vertical? Then, you understand why medical records are the most vulnerable data to attacks. Between containing personal client details like name, address, and social security number and being linked to financial and insurance information, these digital and electronic records offer the most Personal Identifiable Information (PII) to hackers looking to exploit or commit fraud. The Identity Theft Resource Center reported that "healthcare data accounted for 43 percent of major data breaches reported in 2013." For these reasons, the Websense 2015 Security Predictions Report recommends MSPs be on the look out for cyber mal-practice!
These threats don't just stop at healthcare IT though! WatchGuard warns that cybercriminals will target lucrative business verticals, attacking businesses of all sizes, rather than individual organizations [source].
2. Email as Data Theft Entry Point
You've got mail, and it's not being directly flagged as malicious! According to the same Websense security report, email threats will become even more prevalent in the new year. Hackers are figuring out how to avoid email security solutions, and as a result, your clients could see more spam in their inboxes. How? Cybercriminals are now increasingly sending emails without links or spam messages. Through advanced, randomized attacks, hackers "can still use this method to validate credentials and prepare more effectively for other penetrating aspects of an attack" [source].
How will you prepare your clients for sneakier cybercrime phishing campaigns?
3. Increase in High-Risk Mobile Vulnerabilities & Malware
It's a good thing mobile devices are on everyone's holiday wish list because now, hackers can make bank exploiting your clients! That's right, you can expect more attacks on mobile devices, platforms, and apps in 2015, with Android front and center. Android threats are expected to double from 4 million in 2014 to a staggering 8 MILLION in 2015 according to findings in Trend Micro Security Predictions for 2015 and Beyond.
Exactly what mobile threats could clients be subject to? According to the report, Cybercriminals could exploit master key vulnerabilities to create malicious duplicates of existing apps, thereby phishing credit card information from infected devices.
Did someone say malware? Hackers may even go as far as to make mobiles unusable unless you cough up a pretty penny, according to WatchGuard research predictions [source].
Perhaps the most alarming possibility is that infected devices may be able to transmit their infections to other devices that they have access to!
In the wake of the BYOD revolution and these ever-increasing threats to mobile security, offering clients Mobile Device Management (MDM) will be even more crucial in the coming year!
4. More Exploitation of Open Source Vulnerabilities
This year's Heartbleed and Shellshock remind us of the ramifications of vulnerabilities in open source protocols. Trend Micro suggests hackers will continue to search for these open doors in open source code, predicting "even more injection, cross-site-scripting (XSS), and other attacks against Web apps to steal confidential information" [source].
Why target these open source platforms? With Microsoft pumping out security improvements and hardening of other OS's, hackers are forced to direct their efforts elsewhere.
It's now more important than ever to regularly patch and update clients' systems and software!
5. Greater Reliance on Cybersecurity Leadership
This brewing storm of incoming threats means we'll need stronger information security leadership in 2015. In fact, ThreatTrack Security's 2015 Predictions from the Front Lines report highlights the need for an organization to have a Chief Information Security Officer (CISO). Their research indicates that having a CISO better prepares an organization because they're more aware of the financial implications of cybercrime and can communicate the severity of these threats to senior management. The report indicates that "companies with a CISO are 25% more aware they may be targeted by cybercriminals in 2015 than those without a chief security leader."
Similarly, results indicate that organizations with CISOs are investing more heavily in next-generation defenses and preventative security measures to fend off data breach attempts.
Have you updated your security policies?
With mobile vulnerabilities on the rise in 2015, how are you handling the BYOD revolution?