Predictions for 2015: Security Threats on the Horizon
Posted on Apr 8th, 2015
When Former Secretary of State Hilary Clinton <a href="http://stockquotesnow.com/blog/key-questions-remaining-about-hillary-clintons-e-mails-usa-today/" data-cke-saved-href="http://stockquotesnow.com/blog/key-questions-remaining-about-hillary-clintons-e-mails-usa-today/">told reporters that her private server was “on property and protected . . . and there were no breaches,” the collective shudder that rippled through the IT security community tasked with protecting national data was palpable.
Setting aside any political ideology surrounding the revelation that Clinton went off network while holding the most senior foreign policy position in the United States government hierarchy, the situation exemplifies a virtual nightmare for information services personnel. The sea of red flags her statements raised in <a href="http://www.cnn.com/2015/03/10/politics/hillary-clinton-email-scandal-press-conference/index.html" data-cke-saved-href="http://www.cnn.com/2015/03/10/politics/hillary-clinton-email-scandal-press-conference/index.html">less than six minutes provides ample clues to the most challenging cyber threats on the 2015 horizon.
Blurry Perimeter Edges Create Challenges
While enterprises struggle to address issues with mobility and foreign device accommodation, integrating hybrid personal-official servers is BYOD on steroids. Commingling privileged data with personal minutia, effectively increases exposure risks from external sources.
When <a href="http://www.businessinsider.in/Here-Are-10-Internet-Security-Predictions-For-2015-BySymantec-Infographic/articleshow/45283833.cms" data-cke-saved-href="http://www.businessinsider.in/Here-Are-10-Internet-Security-Predictions-For-2015-BySymantec-Infographic/articleshow/45283833.cms">Symantec predicted evolving user behavior will move beyond passwords toward more stringent security measures, they may not have considered the possibility of government officials installing private servers. The reality today is many government contractors and DoD affiliates likely already deploy private servers, or will in the future. Similar threat vectors exist in healthcare, legal, and education environments.
Internal Hazards vs. External Threats
Not all industry experts and analysts agree about what the most significant risk points are. According to this <a href="http://www.websense.com/assets/reports/report-2015-security-predictions-en.pdf" data-cke-saved-href="http://www.websense.com/assets/reports/report-2015-security-predictions-en.pdf">Websense report, and other published predictions, we’re likely to see at least one significant breach originating through the manufacturing sector. Where Symantec listed smart home devices as the number one threat facing IT security teams in 2015, Websense predicts it won’t be the appliances you have to worry about, rather a programmable logic controller or similar connected apparatus will open the door to cyber-attacks.
There’s Protection, and Then There’s Protection
Physically protecting hardware and equipment from theft and damage is laudable. However, you can’t point a loaded gun at a cyber-infiltrator. Physically protecting the hardware won’t do anything about sophisticated malware, phishing schemes and silent recon efforts. <a href="http://www.zdnet.com/article/2015-security-predictions-iot-attacks-to-join-cloud-breaches-and-ransomware/" data-cke-saved-href="http://www.zdnet.com/article/2015-security-predictions-iot-attacks-to-join-cloud-breaches-and-ransomware/">ZDNet expects an uptick in complex techniques that run in memory only mode, avoiding a physical footprint. Detecting fileless attacks will require enhanced antivirus and antimalware protocol.
Look for Cloudier Behavior
ZDNet predictions also include an increase in cloud-based application breaches, triggered by volumes of online activities like uploading personal photos, downloading entertainment files and online purchasing behavior. Hacker's don't intentionally advertise data extraction details. No visible evidence of an attack doesn't necessarily mean data won't be siphoned off when it's convenient for stealthy cyber-reconnaissance scouts.
As firewall solutions have evolved from UTM to NGFW to DCFW, there has been a consistent concentration on controlling outside elements. The next generation of firewall solutions must address internal risks. Internal Firewall (INFW) integrates visibility and protection across a broader landscape – borders, cloud applications, email, gateways – covering servers and endpoints. Rapidly deploying transparent security solutions is essential to protecting valuable data in real-time as opposed to traditional methods which require identifying a threat, initiating trace procedures and remediation.
When considering the best way to protect your organization, turn to experts who can help. TVAR Solutions is a Technical Value-Added Reseller serving the US government worldwide. Since 2006, we have been ensuring that the Federal Government and its business partners achieve the best value from their information technology. Every situation is unique and TVAR works with best in class technology, like Fortinet, to develop the best solution to keep your organization safe and data secure.
Questions/Comments? Please email firstname.lastname@example.org
12/11-12/13 - Law Enforcement - Homeland Security Forum and Technology Exposition
1/10 - GSA, NTSB, HUD, DHS, FAA, DOE at L'Enfant Plaza
Purchasing Information GSA Schedule: GS-35F-0438T
©2018 TVAR Solutions