2015: The Year in Cyber Security
2015: The Year in Cyber Security
The year 2014 was considered by many Internet security analysts to have been one of the most dangerous in terms of threats, attacks and exploits, but 2015 ended up being even more dangerous.
Join the DZone community and get the full member experience.Join For Free
Discover Tarantool's unique features which include powerful stored procedures, SQL support, smart cache, and the speed of 1 million ACID transactions on a single CPU core!
The year 2014 was considered by many Internet security analysts to have been one of the most dangerous in terms of threats, attacks and exploits, but 2015 ended up being even more dangerous. For cyber criminals and malicious hackers operating in 2015, no target was too large or imposing; from credit card companies to universities and from government agencies to global corporations, hackers seem to be getting bolder and more sophisticated.
One interesting aspect of network security in 2015 is that the bad guys are not staying within specific groups. The three major threats to online security are typically conducted by cyber criminals, nation states and hacktivists; however, individuals in these groups may cross over for various reasons. For example, the Ashley Madison data breach and information dump was carried out by the Impact Group, which is a hacktivist outfit that can be described as having some affinity with Anonymous; nonetheless, they resort to cybercrime in order to achieve their goals. A similar situation can be observed in the cyber warfare allegedly conducted by the United States and China, whereby they engage in criminal acts for the purpose of asserting their position as global powers.
The Business Need for Internet Security
Nowadays, all business sectors are vulnerable to attacks from any of the aforementioned groups. All companies need to be aware that they can be targeted at any time. The size of a targeted company is irrelevant to cyber criminals; some hacker groups take pride in going after major targets such as Sony and T-Mobile while others specialize in small businesses.
Many business owners think that hackers are only interested in certain information such as bank records and credit card transactions. Cyber espionage has been an alarming trend in terms of cyber security during the year 2015, and it is being perpetrated against many unsuspecting owners of small companies as well as self-employed professionals. Data breaches at small law firms and attorneys in solo practices are on the rise, and this can be attributed to the hacker-for-hire phenomenon, whereby unethical individuals retain the services of network intrusion specialists for cyber espionage purposes.
Modern Hacking Attack Methods
There is a clear need for companies to take cyber security very seriously, particularly if some of their business is conducted with the support of mobile devices. Two common attack vectors used by hackers in 2015 include faking public Wi-Fi hotspots and brute force access; the latter method allows hackers to gain entry to a network protected with a weak password while the former targets unsuspecting users of smartphones, tablets and laptops. Either one of these methods may enable a data breach of a sensitive system such as a business process management software (BPMS) database.
Other attack methods include the use of malware, which was used to carry out the massive data breach of Sony Entertainment, and phishing, which was used against major health insurer Anthem in the United States.
The sophistication of cybercrime these days requires professional security audits. According to a 2014 research study by Intel Security, the economic loss attributed to cybercrime in the United States is estimate to equal about 0.64 percent of gross domestic product (GDP), and a similar figure is experienced by China. In the Netherlands, cybercrime equals 1.5 percent of GDP.
The key to deploying adequate security is to identify the key assets to be protected and their potential threats. For example, a company that maintains its own network may consider switching to a cloud-based solution that offers better security. Another example is a business that relies of the use of mobile devices; it may be tempting to adopt a bring-your-own-device (BYOD) policy, but this could be a problem in terms of security. If BYOD is practiced, staff members should agree to have their smartphones and tablets scanned for issues periodically, and they may need to install a security suite approved by the company.
Opinions expressed by DZone contributors are their own.