It's that time of year again, when the great and the good start posting lists of their industry predictions for 2015. We will be posting forecasts from our 2-sec consultants right up to Christmas on LinkedIn, but I thought I'd start the ball rolling. Here's a short snippet on what I, and the rest of the team, personally expect to see in the Cyber Security industry next year…
Tim Holman – Tim is CEO at 2-sec, President of the Information Systems Security Association UK (ISSA-UK) and Director of the Information Systems Security Association (ISSA) international board.
“The retail sector will continue to be under fire. We all know about the recent hacks into global merchants such as Home Depot, Target, and Sony. And more importantly these hacking attacks are being picked up by the global media. International companies, who have spent millions on projecting a trusted brand image, find that the attacks have left them with a dented reputation, and a sharp decline in their customers’ confidence and expectation.
There is huge damage to their reputation. Look out for further hacking attacks in 2015 and an increased media circus around each one.
I think credit card theft will certainly increase, namely because more and more credit cards are being injected into the market so there’s more to steal, and more targets to go after as more and more smaller merchants are encouraged to give up cash and take credit card payments instead.
Professional hackers know there is a huge market for the personal identity dossiers of users, including behaviour, geographical data etc. As companies increase their defences then cyber criminals will increase their own efforts – the rewards are just too big for them to ignore.
I’m still very concerned about small businesses, who are still in denial about their vulnerability and attractiveness to cyber criminals. At 2-sec, we’re still seeing smaller businesses who think that they are not important enough to be hacked, and are still holding onto very 1990s ideas about cyber security. I’d like to see that change in 2015.”
Chris Phillips – Head of Physical Security Consulting at 2-sec and ex-head of NaCTSO, the UK’s National Counter Terrorism Security Office.
Chris is one of the most experienced physical and cyber security consultants in the world and has recently held the post of Head of the National Counter Terrorism Security Office in the UK. Chris now specializes in giving strategic counter terrorism advice and best practice to “at risk” companies, individuals and governments. As head of Physical Security Consulting at 2-sec, Chris and his team work on physical security assessments and penetration testing exercises for all sizes of business. Please click here to contact Chris and the team at 2-sec for a no-obligation discussion on securing your business premises and data.
“2015 promises to be another year where terrorism of one form or another dominates the headlines.
Counter terrorist officers have just spent a very interesting week briefing the UK public and business on how to reduce their vulnerabilities to the threat posed by violent extremists. The Government is preparing to grant the police extra powers to, amongst other things, ensure that internet firms hand over information about terrorism to the authorities. What's not clear is how the police will be able to react, as they are already fully stretched. Since 2010 they have lost over 16,000 officers.
In 2015, there will be an increased necessity for business to protect themselves. All businesses need to be vigilant against the threat of terrorism and serious crime.
This does not just mean the physical threat. Cyber-attacks by disaffected extremists will be just as damaging to UK businesses and organisations as physical attacks.
These threats are not just coming from abroad. Home grown terrorists, radicalised by images and messages online, are terrifyingly active. They may already work inside your business. Identifying suspicious activities of individuals will become the norm for any resilient business.
Educate yourself and your employer about how to spot suspicious behaviour! Develop a culture in your business that means everyone understands and values security. This runs from the obvious, such as spotting a suspicious package in a public place, through securing your business and home IT systems and networks, right through to ensuring that a member of your staff isn't becoming radicalised. We can all do something to ensure the threat doesn't manifest itself in a deadly attack.
If everyone can do their bit, then we can all make the terrorists' lives more difficult.”
David Farndale – David is a Senior Security Consultant at 2-sec, with over 16 years in the industry.
David has extensive experience in compliance, vulnerability and threat management, including the use of big data and advanced event logging solutions. He’s well versed in anything from creating security policies and procedures through to hands-on configuration and third line support of operational security controls. David is a PCI DSS QSA and also handles ISO 27001 assessments at 2-sec.
“In many organisations, people are convinced that the most deadly attack will come through an email phishing scam. This style of criminal attack is now much more sophisticated and evasive.
Instead of below par non-native English and obviously suspicious links and addresses, some attacker groups are using targeted knowledge and well-honed language to bypass company security measures.
The recent FIN4 case has demonstrated that attackers are after high-profile users who have knowledge of corporate information including mergers and acquisitions. The FIN4 email was modelled as a “whistleblower” type of email, informing the user about an employee who had allegedly disclosed private business matters on the net.
These “spearphishing” attempts are created to convince individuals who hold valuable information or hold a highly influential position within an organisation.
In 2015 these attempts will increase and the emails will only become more convincing.
More needs to be done within organisations around user awareness and training; time, effort and resource need to be allocated to achieving this. If security awareness is not communicated at all levels in the business, then these types of attacks will continue to be effective.”
Robin Wood – Robin is a Senior Penetration Tester at 2-sec and founder of DigiNinja and SteelCon.
Robin is an experienced developer whose 18-year career has spanned roles at RandomStorm, team Nomad and Technophobia. He is a CHECK Team Leader with SANS GIAC GAWN and GCIH certifications. As a penetration tester with significant web application development experience, he can not only find flaws in applications fast, but can also liaise with developers and tell them how to fix them.
“Vendors and the media will invent, or reinvent, a class of vulnerability. Vendors will produce products to protect against it, some will work, some will sell well and make a lot of money, the two sets will not necessarily overlap.
Companies will continue to get breached using both exciting new novel techniques and old ones that have been around for years.
With the amount of regulation, connected devices and data stored constantly increasing, the need for good security will only ever increase. Make sure you choose wisely when picking your security partner; don't end up as a statistic in one of the many breach reports.”