About this time last year, experts and analysts all placed their official predictions for the cyber threat landscape in 2015. Now that a year has come and gone, it would be interesting to see if these so called analysts were correct. Today, we will review some of the most common web security trends that experts thought would be a major issue in 2015. As a reference, Symantec developed an excellent infographic that summarizes 10 popular cyber security predictions made by industry experts. Let’s take a look at some of their ideas versus what really happened in 2015.
Before we dive into the list, it’s important to note that cyber security is a very fluid environment and web hackers are always looking for new ways to compromise our personal data, computer systems, networks, etc. Even if hackers themselves aren’t directly attacking your web security (or lack thereof), they can even send botnets to remotely attack your network. To put it simply, anything that can connect to the internet and communicate pertinent information between users can and will be hacked. This certainly proved to be the case in 2015. Here is a brief summary of the top 10 internet security predictions as organized by Symantec.
1) Internet of Things (IoT) Smart Home Targeted Attacks
As IoT implementation increases throughout the APAC region, Symantec accurately predicted the rise of cyber attacks targeting plug and play devices, such as CCTV cameras, alarms, lighting, and household temperature control. InfoSec Institute experts reported that devices connected to the IoT in our own homes were very vulnerable to attack since they collect so much personal user information, such as behaviors, personal preferences, addresses, phone numbers, etc. In addition, the emergence of IoT technology has been so new that security protocols have been rather lackluster during initial rounds of launch. One example of smart home features that can get hacked are smart meters. Web hackers can effectively access smart home meters to remotely control temperature, cause blackouts, or even lead to billing fraud—all at the expense of the user.
2) An Increase on Mobile Device Attacks
Mobile devices have long been overlooked as a source of web hacking targets. However, as many users began transitioning to online or mobile payments that were constantly interconnected to their personal banking information, the rise of hack attacks on mobile devices as also increased. In 2015, Samsung faced a major crisis when its Apple Pay alternative service called LoopPay was hacked by Chinese hackers. This received a large backlash from the general public as users who were the first to integrate “tap to pay” technology into their daily lives faced concerns about sensitive data leakage. Fortunately, Samsung was able to escape the fiasco unfazed as the hackers were unable to access essential Samsung Pay customer data.
3) Machine Learning Will Be a Big Game Changer
The emergence of machine learning techniques in order to intelligently predict and assess cyber security issues autonomously will surely be a game changer. This is a significant change from the current method of attack or cyber security issue detection, which is based on preexisting patterns or signatures. In essence, the predominant form of cyber security is to assess each situation and attack based on events that have already happened in the past and match their behaviors. Although there are many cyber security companies that focus on new logic based or non-pattern based learning to detect web attacks, this form of cutting edge detection technology has not yet been fully maximized by the industry. Symantec might have jumped the gun a little too fast on this prediction, but they are not too far off. Machine learning sure has the power to be a disruptive force in the battle of cyber security, but it still has a ways to go before a full scale implementation or widespread adoption by the market.
4) Users Will Sacrifice Their Privacy for Mobile Apps
With the continued rise of mobile app integration into our daily lives, it’s no surprise that users are willing to sacrifice their personal data to gain access to certain applications. For instance, in the Google Play Store, users are typically prompted with a message that tells them the data that each app will have permission to utilize before they execute the download. However, this seems to be more of an overlooked formality than a sign of concern. Last November, South Korea was forced to pull their child monitoring application, Smart Sheriff, which helps parents track their children’s location due to “catastrophic” privacy concerns. This security vulnerability was only discovered and disseminated after hundreds of thousands of parents already installed the application on their phones.
5) Ransomware Scams
Symantec has reported that ransomware attacks increased by 500% in 2013 and they fully expected that trend to continue well into 2015. Turns out they were on point with their prediction. According to Dark Reading, 2015 was described as a “banner year” for ransomware attacks due to their sophistication and the high profile organizations they were able to manipulate. One of the biggest attacks was from a ransomware program called CryptoWall. This attack program essentially infiltrated users’ computers via email or fake downloads, then subsequently encrypted files located on the victim’s desktop (i.e. Word documents, PDF files, PPT slides, etc.). The program would then ask for a ransom payment in order to decrypt these personal files again. CryptoWall saw various versions being released in 2015. The third iteration of the program, CryptoWall 3.0, apparently made $325 million dollars in ransomware threat payments.
6) 2014 Cyber Attacks Will Bring More Awareness to Cyber Security Importance in 2015
Although experts correctly made this prediction, the topic of cyber security was clearly on the minds of many industry leaders and stakeholders for 2015. As more and more businesses, as well as casual users, become connected to the internet, the fears of cyber attacks are becoming all the more real. 2015 saw the passing of the controversial Cybersecurity Information Sharing Act, which aimed to improve online web security by having technology companies share information regarding cyber threats with the US Government.
7) Distributed Denial of Service (DDoS) Attacks Will Continue to Rise
Given its relative ease of execution and the anonymity that hackers are able to operate under, it’s no wonder that DDoS attacks are some of the most commonly used hacking methods. That being said, DDoS attacks hit record highs in Q2 of 2015. According to Akamai, DDoS attacks grew approximately 132% from Q2 of 2014 with more than 12 attacks being categorized as “mega attacks”. The scary part is the DDoS attack trend doesn’t seem to be slowing down anytime in the near future.
8) Tracking User Behavior in Favor of Passwords
By now, everyone is in total agreement that the vulnerability of passwords is a major target of cyber threats. There have been various remedies to mitigate these concerns, such as turning to face recognition software, fingerprint or iris scanning, etc. However, many security issues can also surround these new methods, which led experts to correctly predict the initial rise of user behavior authentication. In 2015, companies began exploring and studying possible human behavior algorithms to replace passwords that access sensitive data. This has led to various companies, such as Wells Fargo, to begin studying the unique characteristics and behavior of users to help create a personalized digital persona. User behaviors can include patterns such as how a person walks, how they hold their phone, or even how they type on a computer. This kind of behavior is extremely difficult to replicate, which can lead to the ultimate downfall of user created passwords.
9) More Businesses Will Use the Cloud and Security Concerns Will Persist
According to Beta News, the adoption of cloud applications by businesses grew by roughly 71% from last year. Furthermore, cloud integration has doubled year-over-over in certain unregulated industries. As more and more companies begin to migrate their data and business processes to the cloud, the concern for properly securing that information will be critical. This explosion in cloud adoption in 2015 also paved the way for the emergence of third party cloud security providers, which helped companies properly secure their information and cloud environments.
10) Cyber Security Will Lead to Strengthened Joint Partnerships and Collaboration
Symantec correctly predicted that many industries, particularly financial and healthcare related organizations, will begin to coordinate with more established cyber security firms in order to strengthen its security processes. However, the key information that they were unable to predict was the proliferation of cyber security acquisitions by large corporate players. For instance, Microsoft began tapping into the vast potential of the cyber security startup scene. Within a one year span, Microsoft successfully acquired three Israeli security startup firms with deals ranging from $77 million all the way to $300 million. The boom in cyber security startups, as well as subsequent acquisitions by key players, was something that Symantec did not have the foresight to predict.
2015 was the culmination of various industry changing trends and jaw dropping news stories that took the cyber security world by storm. As more people became aware of the dangers of security vulnerabilities, the importance of staying ahead of the game and keeping yourself safe from attack has surely come to the forefront. Remember, the cyber security industry is constantly evolving, so it’s ultimately up to you to stay informed and take the necessary precautions recommended by industry experts to keep your information safe.