Will 2013 be bigger and badder than before?
Malware hits the Mac but is it worth worrying about?
Over the last couple of weeks my inbox has been bulging with predictions for 2013's security trends.
This is not something that is particularly uncommon, as journalists, researchers and analysts are used to vendor predictions of doom and gloom in the year ahead, and how what we have seen in the past year will return bigger and worse than before.
Alongside the 2013 predictions article that ran in our recent January/February 2013 issue, I thought it would be worthwhile to identify some of the common trends. Certainly the most frequent were advanced persistent threats (APTs), state sponsored espionage - specifically in regard to hacking - mobile malware and a continuation from 2012: Big Data.
So from the dozens of predictions I received, which when compiled resulted in a 50+ page Word document, those were the key themes. To give you some idea of how many were talking about those subjects specifically, here is a breakdown:
- APT - 4
- State-sponsored - 4
- Mobile – 10
- Big Data – 5
You may seem surprised that the numbers were relatively low, and I am too when I can say that I collected 32 perspectives. Looking deeper into these topics, APT was predicted to hit smaller businesses (by Imperva) and people (by Fortinet), while Stonesoft predicted more targeted attacks, nation-state sponsored espionage and more aggressive hacktivism than seen before.
In terms of Big Data, Acronis claimed that 2013 would be the year that it would become highly available, while Six Degrees Group claimed that Big Data would cause an evaluation of cloud and hosting providers, specifically as users need to find enterprise-grade cloud drive technologies to safely and securely meet demand for online storage and access.
The mobile area is always a common theme, and it is no surprise that so many predict stronger and worse things for the device this year. There was more targeting of Android (Stonesoft and Eset) cross-platform attacks that will impact PCs, Macs and mobile devices (Bit9 and Websense), malware in app stores (Websense) and a general ‘commodotisation' of mobile malware (F-Secure).
Also related to mobile, the escalation of mobile payments was predicted by Validsoft and Selective Media, while something that caught my eye were predictions that the consumerisation of IT and the problems around bring your own device (BYOD) could be solved.
For example, Lookout said that "businesses would strike a balance between control and employee empowerment" to find the right balance between protection and employee empowerment, and that would be the greatest challenge of 2013. Qualys predicted that organisations would develop strong asset management programs to deal with these issues that will not go away.
Also, Wick Hill Group predicted that 2013 will see companies trying to integrate BYOD into their networks, as "strategic requirements will become increasingly important". It also claimed that mobile device management (MDM) solutions will need to address the problem of managing both employer-owned and employee-owned devices, and differentiating between business use and personal use, with clear separation between the management of business and personal data on devices.
Looking into other areas, the concept of malicious software has now become so widespread that to pigeon-hole it is tricky – can you put something such as Flame and a low-detected sample into the same space?
However, the impact of major worms that were detected in 2012 hang heavy over 2013. Both Venafi and Websense predicted that there would be more Flame-style attacks, with the latter saying that access to that quality of programming would be easier.
Elsewhere, nCircle predicted that there would be more attacks courtesy of SQL injection flaws; F-Secure said that after Macs were hit by their first botnet there would be another ‘Flashback' for Mac; and Symantec predicted that ransomware will surpass fake anti-virus as the premiere cyber crime strategy, although BitDefender said that banking Trojans would dominate fake anti-virus space.
To pick another over-arching trend, there were some predictions around the future of the cloud. To summarise, Imperva said that Identity-as-a–Service would be used by attackers for different activities, Canon predicted a rise in ‘bring your own application' for online storage, while Verizon said that the concept of hybrid clouds would become more prevalent in 2013.
On the other side, BitDefender predicted that while denial-of-service attacks would get worse, attacks against virtualised environments would become more realistic.
Acronis claimed that making data in the cloud accessible in real-time will mean 2013 is the year that cloud storage becomes a reality, while Venafi said that 2013 would see the first fine (likely from the Information Commissioner's Office) against a cloud provider for data loss, while Eset also predicted the first data leak from the cloud in 2013.
Overall a lengthy summary, but these are the companies with the perspectives and I believe it is right to wait for them to be proved right or wrong or disagree with them as you see fit. If 2013 is going to see these all come true, I hope we are ready.