Cybercriminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2015, information security professionals must understand these five trends.
In information security circles, 2014 has been a year of what seems like a never-ending stream of cyberthreats and data breaches, affecting retailers, banks, gaming networks, governments and more.
The calendar year may be drawing to a close, but we can expect that the size, severity and complexity of cyber threats to continue increasing, says Steve Durbin, managing director of the Information Security Forum (ISF), a nonprofit association that assesses security and risk management issues on behalf of its members.
Looking ahead to 2015, Durbin says the ISF sees five security trends that will dominate the year.
“For me, there’s not a huge amount that’s spectacularly new,” Durbin says. “What is new is the increase in complexity and sophistication.”
The Internet is an increasingly attractive hunting ground for criminals, activists and terrorists motivated to make money, get noticed, cause disruption or even bring down corporations and governments through online attacks, Durbin says.
Today’s cybercriminals primarily operate out of the former Soviet states. They are highly skilled and equipped with very modern tools — as Durbin notes, they often use 21st century tools to take on 20th century systems.
“In 2014 we saw cybercriminals demonstrating a higher degree of collaboration amongst themselves and a degree of technical competency that caught many large organizations unawares,” Durbin says.
“In 2015, organizations must be prepared for the unpredictable so they have the resilience to withstand unforeseen, high impact events,” he adds. “Cybercrime, along with the increase in online causes (hacktivism), the increase in cost of compliance to deal with the uptick in regulatory requirements coupled with the relentless advances in technology against a backdrop of under investment in security departments, can all combine to cause the perfect threat storm. Organizations that identify what the business relies on most will be well placed to quantify the business case to invest in resilience, therefore minimizing the impact of the unforeseen.” (read more)