As far as cybersecurity goes, 2014 was nothing short of exhausting. If you were lucky enough to not get hacked yourself, chances are you knew somebody — or, more likely, some business — that was. More than anything, what the past year proved is that hackers are bolder and more sophisticated than ever. And if you thought 2014 was a bad year, then just wait to see what 2015 has in store.
From A Record Cybercrime Year To Another Foreboding 12 Months
The past year had it all when it came to cybercrime. Major SSL encryption bug? Check. A large corporate breach every few weeks? Check. Mobile malware all around? You betcha.
In a piece for Digital Trends, Chris Stobing called 2014 "the biggest year for malware yet." The main reason he was able to make this claim is because in 2014, there was seemingly no element of technology that escaped the long arm of the hacker. Starting from the very first days of 2014, people had to accustom themselves to a world in which even the swipe of a credit card could lead to compromised data. Throughout the year, a series of attacks on point-of-sale systems made consumers cautious about payment card use, as the attacked businesses scrambled to diffuse the sense of alarm.
Another thing 2014 taught us is that it doesn't matter how big or well-defended your company is — hackers do whatever it takes to find their way in. This was illustrated most starkly when cybercriminals succeeded in taking control of the computer system of a major film studio toward the end of the year. Not only did the criminals temporarily shut the system down, but they also stole privileged data and leaked it to the public.
Yet for all the concerning cybercriminal trends that emerged in 2014, it looks like the next year could be even worse. That's because even as our means of defending against new strains of virtual crime evolve, so too are the groups carrying out attacks. A recent Forbes piece discussed a few of the virtual threats that experts fear may become more common this year. Here are some of them:
- Mobile payment system attacks: One big development in 2014 was the widespread use of various mobile payment systems. But if you think hackers aren't going to capitalize on that technology as much as the average consumer, think again. According to security researcher Patrick Nielsen,the proliferation of mobile payments will open the door to a new kind of attack in 2015."We expect to see cybercriminals focus more on new payment systems as they are adopted and the potential for criminal financial gain thus increases," he stated. "This will be in the shape of attacks against banks/virtual currency operators, the end users and their devices, and everything in-between."
- Sneakier malware: No surprise here. As experts work to defend against the various malicious strains out there, criminals are working just as hard — if not harder — to outpace any defensive progress. In 2015, expect malware to become stealthier as hackers become more organizedand also more focused on the real work of the modern cybercriminal: stealingpeoples' money."In 2014 we saw a number of significant wins against malware with the dismantling of several major botnets," security expert Andy Avanessian said. "This type of takedown will be much harder in 2015 with malware becoming stealthier."
- Vulnerabilities in open source software: The problem with a lot of open source code is that it's been sitting around for years — giving hackers ample time to detect and exploit vulnerabilities. In 2014, there was a major open source bug that left many peoples' data susceptible to attack. And open source is only likely to be a more lucrative target this year.
Plan For Attack
There's no denying that the cybercrime outlook for 2015 is scary. But that doesn't mean it's beyond the power of your business to control. By making cybersecurity a priority for your enterprise, you can stave off the malicious threats out there and ensure security in the coming year. Here are some proactive steps to take:
- Create strong walls of defense: Don't make your business the kind that all but opens its doors to hackers. By instituting identity-guarding measures like two-factor authentication, you can significantly decrease the possibility of a criminal getting access to your company.
- Guard mobile devices: Cybersecurity doesn't just mean computers anymore. With the emergence of mobile payments and the widespread move toward bring-your-own-device policies at offices across the world, the need has never been greater for companies to defend employees' mobile devices as stringently as they would computers. This can be accomplished through a company mobile device management system.
- Don't assume that employees practice safe computing: One major mistake that many companies make is confining discussions about cybersecurity to the IT boardroom only. The problem with this narrow scope is that cybersecurity isn't just an IT issue — it's a company issue. All it takes is one employee downloading a malicious file to threaten an entire corporate infrastructure. With that in mind, don't presume that your workers will practice secure computing. Instead, instruct them on how to keep your business safe.
By following these steps, you can ensure that even in a heightened threat environment, you won't be the next corporate victim of an attack.