IT security threats for next year will be introducing new players while bringing back some old ones (with a few new twists). The 2015 threat landscape — It's complicated.
The top 5 IT security threats for 2015 include more insider breaches, more crime as a service, and more reputation sabotage.
4. Top Offenders of Insider Crimes 2014
35% are current employees
30% were former employees
18% are current service providers/consultants/contractors
15% were current service providers/consultants/contractors
13% are suppliers and business partners
11% are customers
Source: PwC
6. Social Engineer Hackers Also Use Open Source Intelligence (OSINT) Tools
Creepy is a creepy tool that targets victim geolocation information through social
networking platforms and image hosting services.
Maltego is an intelligence and forensics app and is useful to map an organization’s
employees and relationships.
FoxOne Scanner is a webserver reconnaissance scanner that is non-invasive and
non-detectable.
Stalker reconstructs all captured traffic from both wired and wireless networks and
builds a complete profile of the target.
Spiderfoot is a footprinting tool that targets a domain name, IP address [netblock],
or hostname, using 40 OSINT data sources to provide data on the target.
These are just a fraction of the OSINT tools that can be used to gather information on a target.
8. Personally Identifiable Information [PII] will be hot mama in 2015
Sources: MIT Technology Review | Security Week
Data security has never been a top priority for many healthcare organizations, and IT
budgets are low in comparison to other industries.
Healthcare records hold a mother lode of PII data that can be used for resale in the
black market.
Healthcare records contain vital data on the identity of the individual and are often
linked to financial information.
Healthcare workers often share passwords and workstations.
Websense observed a 600 percent increase in attacks on hospitals during a 10-month
period [from October 2013-August 2014].
Cyber-criminals will increase cyber-attacks
on hospital networks in 2015.
9. “Many of the stories regarding
healthcare information security
breaches have been due to the
negligence of staff.”
– Dell, SecureWorks
11. Reputation will become the new target for cyber attacks in 2015
Employee badmouthing has never been easier. A disgruntled employee can
become your worst nightmare on social media or in the press.
Negative reviews can pop up on high-traffic sites such as Citysearch, Glassdoor,
Google reviews, Ripoffreport.com and Yelp – to name a few.
Hacked emails and the hijacking of corporate social media accounts will
increase.
Commercial reputation is important in light of social media buzz. Brand
maintenance will be integral in 2015.
Insider activists will continue to leak company information, and hacktivist
collectives will gain more ground in 2015.
Companies should carefully monitor their online reputation and
have a strategic plan in place that can address reputation sabotage.
12. "More insiders will emerge as more people place
their own ethics and perspectives above those of
their employers. Criticism will go viral and those
that come from credible insiders will spread
faster."
--Information Security Forum (ISF)
14. Criminals value your information
Source: Information Security Forum: Threat Horizon 2015
CaaS attacks will become more innovative and sophisticated.
Unemployed and disgruntled employees will form a talent pool for criminal groups
to gather information needed for these attacks.
Organizational profiles will include details about vulnerabilities or knowledge of
business operations.
Criminals will get better at combining OSINT tools with information obtained
from intrusion and data leaks.
New attacks, both physical and virtual, will target individuals based on their ability
to provide access and information about their organization to the bad guys.
Cyber-criminals are highly motivated to obtain
company information, or to utilize data leaks.
15. “Most services offered in the underground are
characterized by their ease of use and a strong
customer orientation. They typically have a user-friendly
administration console and dashboard for
the control of profits.”
--Infosec Institute
16. What is your prediction for the top 2015 IT security threats currently brewing?