2013 has been an eventful year in the information security space, as information became the most valuable and challenging asset for organisations while being border less and dispersed, as cloud, mobility and “bring your own device” took a stronger hold on businesses. Information security has been immensely threatened with businesses, government and individuals relying on the internet for dynamic needs and cyber criminals have devised more sophisticated methods to trap victims. Blurring boundaries between consumer and business, sophistication in enterprise attacks and dispersion of authority for security within the ecosystem has led to growing concerns over data, financial information and critical infrastructure.
The threats observed throughout the year were in line with the predictions first made by Symantec which saw conflicts between nations, organisations and individuals; using evolved social engineering techniques and cloud based attacks aimed at financial gains, IP and in some cases to bring down the critical infrastructure. Symantec’s report findings also points at India as among world’s top five countries for the highest number of incidences of cyber crime such as ransom ware, identity theft and phishing. India also witnessed a 280% increase in Bot infections, with a sizable percentage coming from cities emerging cities such as Bhubaneswar, Surat, Cochin, Jaipur, Vishakhapatnam, Indore, Kota, Ghaziabad and Mysore.
As the New Year approaches, we predict that this trend will only further increase as cyber criminals continue to employee more sophisticated and targeted techniques. They will continue to focus their attacks on data stored on the cloud vs. data stored on the network, thus putting a massive challenge for enterprises to handle. Below are Symantec’s top predictions in 2014:
Targeted attacks will increase.
In 2013, we reported on a sophisticated social engineering attack implemented at a French-based MNC who got francophoned, where the administrative assistant to a vice-president received an e-mail referencing an invoice hosted on a popular file sharing service and subsequently received a phone call from another vice-president within the company, instructing her to examine and process the invoice. However, the invoice was a fake and the vice president who spoke to her with authority was an attacker. Incidents like these were observed and we predict that in 2014, these attacks will become commonplace and attackers will further refine these targeted attack tactics to make financial gains.
Perils of social networking
It is tempting to believe that you can move to a new neighbourhood and all your old problems will go away. They don’t in real life and they won’t when it comes to social networking. Any new social network that attracts users will also attract scammers. It has been observed that individuals are increasingly choosing convenience over safety and constantly exhibiting a potentially risky behaviour online. According to the latest Norton Report 2013, 18% social media users connect with people they do not know and 61% access their social network account over unsecure Wi-Fi. Therefore it is important to protect yourself by using security best practices no matter where you are on the internet or how you connect to it .
Internet of vulnerabilities
With millions of devices connected to the internet, in 2014, they will become a magnet for hackers. Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras. Already we’ve seen baby monitors attacked and traffic was shut down on a major tunnel in Israel, reportedly due to hackers accessing computer systems via a security camera system. Major software vendors have figured out how to notify customers and get patches for vulnerabilities to them. The companies building gadgets that connect to the internet don’t even realise they have an oncoming security problem. These systems are not only vulnerable to an attack—they also lack notification methods for consumers and businesses when vulnerabilities are discovered. Even worse, they don’t have a friendly end-user method to patch these new vulnerabilities. Given this, we are going to see new threats in ways in which we’ve never seen before.
Cyber criminals will target the weakest links
Third party consultants, suppliers and partners outside the enterprise network as well as business associates in the ecosystem will be the easy targets for attackers as they are the weakest links in the information exchange chain. This includes consultants, contractors, vendors and others who share sensitive information or even have access to the networks of large organisations and government entities. And, it has been repeatedly observed that only a few of these partners have sufficient defenses.
Watch out for dangers in the cloud
Increasingly enterprises and individuals are using public clouds to store and access data. As per the latest Norton Report 2013, 29% individuals in India and 24% across the world are already practicing this trend. And with rise in usage of these platforms for both personal and private information, it is highly likely that we will see this as an easy target for cyber-criminals to penetrate these data-rich cloud platforms for profitable motives.
To learn about Identity Theft, visit- www.cibilconsultants.com
Source: Secondary
No comments:
Post a Comment