The Sony hack, in retribution of the film Interview, resulted in the film’s release being pulled, leaked personal information and emails and stolen films. It ended a year that began with the announcement that contact information for an additional 70 million individuals was taken during the December 2013 data breach of US retailer Target, in which 40 million customers’ credit and debit card information was stolen.
Both breaches highlight the damage of cyberattacks in a year when point-of-sale devices, with endpoints run with little and/or outdated security, were inundated by targeted malware. Ransomware attacks increased and became more sophisticated, as did advanced evasion attacks, which target specific machines or setups but evade detection by behaving as benign applications.
As corporations beef up their efforts to defend themselves against cyberattacks, IT governance, risk and compliance firm Coalfire warns that the cost of cybersecurity and risk management remains on track to double over the next three years.
“As 2014 ends, it is clear this was the year everything changed in the world of information security,” says Rick Dakin, Coalfire’s CEO and chief security strategist. “As high-profile data breaches were announced one after another, consumers stopped believing companies took protecting their information seriously. It’s time for companies to start looking ahead at the next generation of threats and to step up their game to better protect consumer data. The threat landscape is continuously evolving. If you don’t already have threat intelligence and response plans ready for implementation in 2015, now is the time.”
Coalfire predicts that criminal organizations, fueled by both geopolitical and economic incentives, will escalate their development of offensive cyber capabilities. The expansion of mobile, cloud computing and other interconnection options will provide new, and previously unforeseen, opportunities for cybercrime, cyberwarfare and cyberterrorism.
To keep ahead of the curve Coalfire anticipates a shift from defense to offense, with attempts to build impenetrable systems that make it possible to identify attackers and provide the means to prosecute, frustrate or delay them. The firm also foresees more continuous monitoring, at both the individual and organizational level, as well as increased use of crowdsourcing, machine intelligence and cognitive/advanced analytics to detect and stay ahead of threats.
Although Windows remains the top target for cyberattacks, endpoint security specialist, SentinelOne predicts increased attacks on OS X and Linux platforms, which is cause for concern because there are fewer products available to protect them.
SentinelOne also believes that the success of ransomeware campaigns will embolden attackers to devise “time bomb” attacks – by simultaneously attacking multiple resources within an organization, hackers could temporarily halt operations, effectively holding them hostage until a ransom is paid.
Attacks as a Service (AaaS) provided by unscrupulous hackers will enable criminals to visit websites to pick and choose malware platforms and capabilities to build a Trojan and choose their target assets and request a specific number of infections.
Perhaps most worrying, SentinelOne predicts the increase of cyberespionage as a tool for political retaliation in the form of critical infrastructure shutdowns, including cyberinflicted power outages and irregularities in assembly operations at large manufacturing facilities.
So be warned and be prepared for a backlash if lax security is discovered following a cyberattack, and be ready to react swiftly and decisively if it does.