Looking ahead, the landscape of threat, policy, and security is likely to become even more dynamic, with cyber-attacks on the rise throughout 2013. These attacks will be more prevalent than ever across a larger breadth of individuals and organizations as hackers broaden their target markets.
With the inevitable increase of security threats, Hardware.com presents five security trends we expect to see over the coming year.
1. Web attacks will evolve.
More common and simpler attacks will become easier to address, and companies will concurrently face new variants of web-based attacks. While effective and well-known SQL injection attacks will remain one of the most popular and damaging methods that receive media attention, other less popular attacks like Cross-Site Request Forgery (CSRF) are likely to increase. Many websites are vulnerable to CSRF, yet it is rarely addressed or protected against. This attack takes control of a user’s actions on a website or application while he or she is logged into the site. As less damaging attacks start to drop off, CSRF is likely to become more widespread.
2. Software Defined Networking (SDN) will usher in new intelligent security solutions.
In 2013 SDN will foster the rise of virtual networking focusing on activation, configuration, and service—changing the ability to direct traffic flows along a designated path. Security capabilities will begin to be distributed intelligently at the service layer. As a result, the security industry will leverage and extend the SDN approach by taking advantage of the control and data plane separation to provide for more agile and effective security. This level of security will intelligently monitor and respond to cloud and mobile network threats on a commensurate scale.
3. Cloud adoption will drive new security investments.
More organizations will adopt hybrid cloud models. They will also start looking for ways to provide secure remote access and extend BYOD & BYOS capabilities to their employees. We’ll likely see more mobile and web application security as a cloud-based service, as well as “information gateways” that add encryption and DLP from the enterprise to the cloud.
4. Mobile malware will increase and focus on profit.
Mobile threats continue to grow rapidly and increase in complexity. Juniper’s Mobile Threat Center reported a 350% increase in malicious and invasive applications targeting mostly Android users over a 12-month period, ending in October 2012. In particular, there will likely be a focus on exploiting financially-related transactions and applications. With mobile banking and NFC payment systems becoming mainstream, they will be an increasingly valuable target for attackers.
5. Expect an upsurge of large-scale web attacks.
The industry can expect to see a significant uptick in public breaches. On average, each breach is likely to be higher in financial consequences than the previous year’s breaches. It could even be possible that there will be an attack as big if not bigger than the epic Sony hacks of 2011. According to the Verizon Data Breach Investigation Report, “Web applications…were associated with over a third of total data loss” in 2012, and this trend is likely to continue—if not get worse. Even more alarming, large organizations with mature security practices are more likely to be the target of web-based threats.
Thanks to hardware.com