Our friends at Sophos have issued their Security Threat Report 2014. The entire report is necessary, sometimes grim reading. Here are two “trends to watch”:
Attacks on corporate and personal data in the cloud: As businesses increasingly rely on various cloud services for managing their customer data, internal project plans and financial assets, we expect to see an emergence of attacks targeting endpoints, mobile devices and credentials as means to gaining access to corporate or personal clouds.
It’s hard to predict what form future attacks will take—but we can imagine ransomware taking hostage not just your local documents, but any type of cloud-hosted data. These attacks may not require data encryption and could take the form of blackmail—threats of going public with your confidential data. Strong password and cloud data access policies are more important than ever. Your security is only as good as your weakest point, in many cases your Windows endpoint and your users’ awareness.
Undermining hardware, infrastructure and software at the core: The revelations throughout 2013 of government agency spying and backdoors (not only by governments, but also commercial organizations) showed the world that broad-scale compromise of the core infrastructure we all operate on is not only possible, but happening. We’ll need to re-evaluate technologies and trusted parties. The discoveries so far likely only scratch the surface and we can expect to see many more of these stories in 2014. Most enterprises won’t have the resources or skills to go digging for backdoors. But it would be wise to closely monitor the work of security researchers and media outlets for new revelations.
On this latter trend, the wonderful editorial cartoonist Tom Tomorrow was prophetic. The cartoon below is from 1994:
