Now is a good time to look forward to what we expect the New Year to bring. With this in mind, what threats will security professionals need to address this year? Current trends indicate the following five threats may make headlines in 2013.
1. Attacks That Clobber the Cloud — Companies are going to increasingly move to cloud based services, which present an interesting target for hackers. If a cloud provider becomes compromised, all of its customers could become compromised.
2. Pay Me, I’ve Got Your Data — 2013 may be a big year for ransomware. This form of malware generates a pop-up window or message that presents an official looking message. It explains that the computer has been locked because of possible illegal activities on it and demands payment to unlock files and programs.
3. I Want to Use My New Tablet at Work — The concept of BYOD is growing, and employees increasingly want to bring their own phones, tablets, and computers into the workplace. This will require organizations to perform risk assessments, develop policies, and rollout technical controls to mange these devices.
4. You Bumped My Phone — Near field communication (NFC) offers great possibilities to those looking for the ability to easily exchange files between smart phones, yet the technology has shown to be vulnerable to attacks. While some see this technology as having great potential for mobile payments, security concerns do exist.
5. Patch the Infrastructure — One final area of concern for 2013 is the potential for SCADA attacks. Systems that are used to control infrastructure such as power, water, and electricity are now patched on the frequency of computer systems. Malware, such as Stuxnet, has proven that attacks against infrastructures is possible, and with the Internet controlling everything from traffic systems to smart electric meters, such vulnerabilities will increase.
While it’s impossible to predict the future, such thinking does play a role in decision making. Only when we look to the past can we plan to the future and start to make educated risk management decisions.