Last year saw a huge upsurge in the amount of online hacking. Cyber attacks in some form or another were practically a monthly occurrence. In fact, Venture Beat called 2012 a ‘big, bad year for online security breaches’, citing high-profile companies such as AOL, LinkedIn, Google and Yahoo as falling victim to hacking attacks that have exploited their customers’ private information.
This increase in security breaches indicates that all organisations still have a long way to go in safeguarding against traditional and emerging security risks. While it is always difficult to exactly predict upcoming threats, it is clear that 2012’s major security issues around mobility, virtualisation and social networking will continue into 2013.
A trend that has been developing but is still in its infancy is that of Mobile Security and Mobile Application Security.
Mobile devices are increasingly being used within e-commerce. However, the lack of uniformly robust security across smartphone and tablet apps means that hackers can exploit design flaws and break into mobile browsers to intercept online payments. The potential scale of m-commerce fraud is suggested by the growth in online retail sales via mobiles.
Trade body Interactive Media in Retail Group (IMRG) predicts 20 percent of online sales will be made through mobile devices over the peak online trading weeks from the 3rd to 10th December. With scares around poorly designed apps from major brands like Facebook and even banks, consumers will expect data protection to be better embedded within apps in 2013.
While the vulnerabilities of mobile devices will become a greater consumer issue in 2013, the corporate threat is even more insidious. Businesses are increasingly moving from a traditional PC environment and implementing new infrastructures that support new generations of non-PC devices like tablets and smartphones alongside personal computers. As these proliferate, there will be a whole new set of security issues that must be addressed. In particular, mobile devices offer a new way of planting malware on more secure devices, which can then easily be spread across an entire organisation.
Among the scenarios likely to become more common in 2013 is the use of portable devices such as USB connectors to spread malware. The hazard here is that employees using such devices to charge their smartphones could introduce a key logger onto a computer within the corporate development systems. Although USB flash drives have long been recognised for their ability to swiftly spread malware, mobile phones are becoming a new vector that could introduce attacks on otherwise protected systems.
Another great challenge will be the blurring of personal and business computing in the workplace throughout next year. So far attempts to hold back consumerisation of IT have faltered as people’s lifestyles have become more digitised and workers have used their own devices to improve productivity. Whether BYOD strategies are widely implemented or not, controlling data protection across multiple devices will become essential.
As a result of the post-PC trend, virtualisation is now becoming a mainstream corporate IT strategy. Efforts to secure virtualised environments will be intensified in 2013 as more organisations become aware of how easy it is to copy virtual machines. The data protection challenges of virtualisation are also exacerbated by how virtualised infrastructures based on private and public clouds come with multiple privileged administrators who have free access to confidential data.
One of the greatest threats of 2012 lies in the behaviour of end users themselves, and it seems hard to imagine that this will change as we head into 2013. We will continue to be the weak spot, with social engineering and social network tools used for exploits. Many social media users are unaware of the amount of information they are exposing online.
This information can be easily accessed by hackers, giving them free rein to gain all your personal details. Opening untrusted links and using simple passwords essentially hands your personal data to hackers. They are then able to impersonate users online, which can endanger those connected to you through social networking sites.
This issue around password protection is further amplified by the risks it poses to businesses. Many employees are using the same password for personal accounts and at the workplace and this needs to be acknowledged. It exposes enterprises to significant vulnerabilities and enables hackers to reap rich benefits from access gained to systems and applications that lack comprehensive encryption.
Organisations need to recognise that they keep making the same mistakes again and again. A well executed and managed security solution leverages strong encryption and multi-factor authentication and reduces security risks massively. Thankfully, when encryption is coupled with multi-factor authentication and secure management of encryption keys, sensitive information will remain illegible to cybercriminals. So there is no need to despair: by taking these straightforward yet significant steps, organisations can ensure secure breach strategies become a firm reality in 2013.