Brought to you by WatchGuard Technologies
As 2014 wound down, news headlines were dominated by a high-profile cyber-attack on Sony Pictures that would forever change how enterprises viewed online threats.
Not only was a movie later pulled from cinemas, as theatre operators worried about the fallout. Employees’ private data such as Social Security numbers and e-mail were exposed as well. With many IT systems shut down, messages could not be sent over e-mail.
The impact terrified many enterprises, which started asking if they had done enough on cyber security. Today, many of the threats from end-2014 are still ever present.
Nearly a year ago, WatchGuard Technologies had predicted that nation states would ratchet up cyber defences and attack capabilities. In the months after, cyber espionage incidents started to become more common.
In July, the United States government’s personnel management agency was hit by hackers that the Americans believe to be from China. Among the data stolen was the sensitive information on 21.5 million people who have undergone background checks for clearances, reported Reuters.
That was just one of several concerns in 2015.
Malware has jumped from desktops to mobile devices. Ransomware has become a lot more common in 2015, with hackers finding new ways to monetise such mobile infections. This year, they have been locking users out from their own phones and tablets, forcing them to pay up a ransom to gain access to their precious photos and e-mails, for example.
Business verticals have also been the target of attacks in 2015. Not just the obvious targets such as Sony Pictures, but also connected companies in an industry that can be exploited for monetary gain. Hackers have targeted aerospace firms, car makers and law firms in a bid to steal business and industrial secrets.
At the same time, encryption has become even more important in cyber security, as governments seek to break it for “law enforcement use”. The challenge for many in the security industry is to keep leveraging encryption that is hard to break, while not slowing down bandwidth and affecting business.
As 2015 ends, it is important to once again assess why hackers do what they do. Motives have long moved from mischievous exploration to cyber activism, to organised criminals stealing billions, to nation states launching long-term espionage. Understanding such motives will help organisations better protect themselves from attack.
New Year, New Threats
In 2016, several new areas will keep security professionals alert throughout the year. A look at what was presented at the Black Hat conference in Las Vegas in August gives a sense of some new areas of concern:
Mac Attacks – Increasingly hackers are developing malware to get around Apple’s security tools to target the growing number of users
Biometric Hacks – An area that would interest hackers as more phones rely on fingerprint sensors to let users in
Cloning SIM cards – Hackers have shown off how they have cracked encryption keys and cloned SIM cards, giving them access to calls and message.
Payment Devices – Just like how people have created fraudulent credit cards, criminals could clone common NFC payment cards to make payments.
Managing A Unified Threat
The two seemingly incompatible objectives can be achieved with the right cyber security solution.
This comes in the form of a “take no prisoners” Unified Threat Management (UTM) that brings an all-in-one security platform to the table. With this, customers should not have to make a compromise between protection and performance.
What they have to do though is break out of silos and stop today’s multi-vectored threats with a single powerful device. This also helps manage security tools with a centralised console that makes it easy to set up and deploy policies.
A top-notch solution should also be constantly scanning for threats, which comes in all forms and directions. Whether an attacker is attempting to enter via “spear-phishing” (targeting individual users) or watering holes (compromised websites that victims unknowingly visit), security professionals have to mitigate an increasing array of risks faced every day.
From filtering packets from the Internet to application control, blocking Web content to acting against polymorphic threats, the solution has to provide assurance that it can keep out attackers as best as possible and prevent the loss of data even if a threat actor does enter the network.
Find out more about WatchGuard’s Unified Threat Management solution here.
