Many governments and businesses have reported an increasing number of security breaches in information systems during recent years. Cyberattacks in 2013 are believed to have compromised over 800 million records, and major security breaches in 2014 affected U.S. Homeland Security and Sony.
The capabilities of cyber criminals throughout the world will continue to increase, placing businesses and government agencies at greater risk. Significant trends in cyber security heading into 2016 include the increased use of encryption, more frequent exploitation of existing vulnerabilities, significant attacks on the Internet of Things (IoT) and major flaws in popular software.
Encryption Standards in Cybersecurity
Sophos predicted in 2013 that OS vendors and hard disk manufacturers would begin to implement full-disk encryption that would be managed by security software. Modern enterprises have largely realized this trend by 2015, which will become the default practice due to growing concerns about data privacy and security. A review of Android mobile applications shows that they frequently use encryption to protect data on the local device, a feature that has become more common in the last two years. However, these apps often fail to implement encryption correctly. For example, an Android app may use Secure Socket Layer (SSL) without implementing certificate pinning, rendering the encryption largely ineffective.
Many businesses also want to encrypt cloud services, although they’re likely to be slower in adopting audit processes to ensure the encryption is implemented correctly. Encrypted network traffic will present a challenge to the providers of standalone network security solutions, since the network can't intercept and scan encrypted traffic. This situation will significantly impact the delivery of network security in the next few years.
Exploitation of Existing Vulnerabilities
Cyber criminals have become more proficient at exploiting existing vulnerabilities in the last few years. Malicious code is more likely to infect the system via a web browser, as opposed to the traditional method of using spam as the primary vector.
Major software vendors such as Microsoft are beginning to use several methods that mitigate the exploitation of software vulnerabilities. For example, Data Execution Prevention (DEP) is a technique for preventing the execution of malicious code in memory. Address space layout randomization (ASLR) shuffles memory around to make the development of malicious code more difficult. Many of these techniques were first implemented in Windows 8.
The increased difficulty in creating high-value exploitations of high-profile targets such as Internet Explorer may cause attackers to return to traditional methods of social engineering instead of directly exploiting software. Attackers may also focus on non-Microsoft platforms, which may have fewer vulnerability-mitigating features. Older Microsoft platforms will also remain vulnerable to exploitation.
The Growing Trend of IoT Attacks
IoT attacks began to move from the purely conceptual to the practical in 2014. The VP of Professional Services at Avecto reports that attackers will make greater use of dark net, peer-to-peer (P2P) and Tor communications to access IoT devices during the coming months. Forums that sell stolen data and malware on IoT devices are also likely to proliferate in the near future.
IoT devices generally fail to implement basic security measures that are common in mainstream computing devices. IoT devices such as wireless routers can be hacked with relative ease using command injection from a web browser.
Many wireless plugs trust the local network, so they don’t have their own username/password. A CCTV camera can also be easily hacked if it doesn’t implement an account lockout. The security industry must evolve to deal with the current vulnerability of IoT devices before cyber criminals develop a business model that will allow them to profit from these vulnerabilities.
Major Flaws in Popular Software
A number of major security issues involving popular software have already been discovered within the past year. For example, the Heartbleed security bug that affects the OpenSSL cryptography library was first reported in April 2014. The Shellshock family of security bugs affects the Unix Bash Shell and was disclosed in September 2014. The managing director of the Information Security Forum expects the severity of such security threats to increase in the second half of 2015 and beyond.
Enterprises have typically established protocols for deploying patches on Windows systems. However, many businesses experienced very slow patch times for Heartbleed and remained vulnerable for months after the public announcement of this vulnerability. The managers of these systems may not have learned the lessons on these issues yet, leading to additional lengthy periods of vulnerability for a large number of users.
Advanced Degree for a Rewarding Career in Cyber Security
A Master of Science in Cybersecurity offered by Utica College online prepares students for this continually evolving field and arms them with the necessary skills to combat advanced cybersecurity threats.
Learn about the rewarding careers in cybersecurity
- :: Discover the latest technology used by professionals in this field.
- :: Learn how to incorporate your skills to improve security measures
- :: Find out how to leverage your degree to advance your career