Perhaps the biggest irony in today’s technological world is the simultaneous existence of an acute awareness of security threats and a total lack of willingness to do much about them. Yes, IT departments everywhere work their posteriors off trying to protect company data, but users both within and without the company continue to circumvent those efforts.
It is typical these days to see business users spin up virtual machines on public clouds, wantonly place company data in public cloud storage or file sharing solutions, and download malware-laden apps on mobile devices connected to the company data center. It’s enough to drive anyone in IT stark raving mad.
Then there is the swarm of consumers who use no anti-virus programs or rarely run full system scans, fail to apply patches to anything, and in general “volunteer” for service in a malware bot army.
In light of the collective threats, it all appears to be a real-life manifestation of Star Trek’s Borg and the feeling that “resistance is futile” becomes overwhelming. But even against such odds, IT staff soldiers on in a war that looks increasingly unwinnable with every passing day. They are the unsung heroes of a cyberwar that few outside their ranks even acknowledge exists.
But that is not to say that IT is powerless or has too little in its arsenal to fight back effectively. It just means that the cyberwar will continue for time eternal and forever evolve into progressively more sophisticated attacks. IT will always have to increase the sophistication of its defense accordingly. That requires the ability to correctly assess threats and prioritize response levels.
To that end, here are three IT security threats in 2013 that warrant your full attention:
1) Hacking-as-a-Service. Yes, hacking-as-a-service has existed in a somewhat cruder form for years now in that criminals have met in secret, both online and off, to share hacker tools and tactics for pay. But now a new McAfee report says that criminal forums are falling in popularity and giving way to the rise of a more anonymous and formalized hacking-as-a-service format.
The service providers are thus able to stabilize pricing by avoiding haggling and remain a safe distance from buyers who might be undercover cops or persons willing to rat on their cohorts to law enforcement.
This means any individual or group with a bone to pick with your company or a desire to peek at your proprietary secrets can easily secure a highly sophisticated means to attack using only a few clicks and an untraceable online payment method.
2) Precision Targeted Malware. Criminals are no longer simply studying software and looking for security holes to climb through. They are now studying how security analysts find malware in order to render automated analysis ineffective or at least less effective. In effect, these criminals are no longer just taking over programs; they are blinding the defense team too. The Flame and Gauss viruses are examples of this category of malware. You can find more information on this and other malware in the Kaspersky Security Bulletin.
3) Malware that blocks security updates on mobile phones. According to the McAfee report, your carefully crafted automated security updates for employee BYOD devices may soon be immobilized, leaving all those devices wide open for attack on many fronts and main-lining those attacks directly into your company data. Indeed, blocking security updates on phones is merely the first wave, as it is typically followed quickly by the installation of other malware that spreads rapidly. You can read more about advanced mobile security threats in the McAfee report.
There are many more threats than the three listed here, of course. The effort here was merely to direct attention to the security threats most likely to be overlooked, not necessarily to the ones thought to be the “worst” threats. That is a meaningless designation anyway, because the worst threat is the one that gets through your defenses and gets its job done.
Perhaps your best defense is collaborating with other organizations to pool resources and knowledge and collectively address threats to the common good. In any case, knowledge is always the first defense, so be sure to stay abreast of new security threat developments.
Pam Baker is the author of eight books and hundreds of technology articles published daily in leading online and print publications. She is a member of the National Press Club (NPC) and the Internet Press Guild (IPG). You can reach her or follow her on Twitter and on Google+.