Watch for data destruction, advanced malware reduction, new exploit kits and offensive security.
This year, cybersecurity took centre stage with nation-state attacks, numerous high-profile data breaches and prominent cybercriminal arrests. Cybersecurity researchers from Websense Security Labs have put their heads together and come up with their 2014 predictions to help organisations defend against attacks throughout the entire threat kill chain.
Charles Renert, VP of security research for Websense, said: "Bypassing traditional defences was raised to an art form by cybercriminals in 2013. In 2014, cyberattacks will be even more complex and diverse. While the general volume of advanced malware will decrease — we predict the volume of targeted attacks and data destruction incidents will increase. Organisations must up their security game as attackers continue to seek new ways to penetrate traditional defences at every stage of the threat lifecycle."
Websense 2014 security predictions highlights include:
1. Advanced malware volume will decrease.
According to the real-time telemetry feeds in Websense ThreatSeeker Intelligence Cloud, the
quantity of new malware is beginning to decline. Unfortunately, this is bad news for organisations.
Cybercriminals will rely less on high-volume advanced malware because over time it runs a higher risk of detection. They will instead use lower volume, more targeted attacks to secure a foothold, steal user credentials and move unilaterally throughout infiltrated networks. Although the volume of attacks will decrease, the risk is even greater.
2. A major data-destruction attack will happen.
Historically, most attackers have used a network breach to steal information for profit. In 2014, organisations need to be concerned about nation-states and cybercriminals using a breach to destroy data. Ransomware will play a part in this trend and move down market to small- and medium-sized organisations.
3. Attackers will be more interested in cloud data than your network.
Cybercriminals will focus their attacks more on data stored in the cloud vs. data stored on the network. This tactical shift follows the movement of critical business data to cloud-based solutions. Hackers will find that penetrating the data-rich cloud can be easier and more profitable than getting through the "castle walls" of an on-premise enterprise network.