1. The Cloud Is Not Immune
An old quote attributed to bank robber Willie Sutton is that he robbed banks because that’s where the money is. So it goes for data. As more data migrates to the cloud, attackers will increasingly target it there.
2. It’s Mostly About the Money
Another likely trend is that it will get easier to monetise stolen data in 2014. While the notion of virtual money such as Bitcoin is still a pretty nascent concept, the cyber criminal underground will continue to refine its organisation and resources to be able to quickly and anonymously trade in stolen data.
3. Insiders Remain Problematic
Organisations will continue to face the challenge of thwarting the ‘Snowdens’ among their employees and contractors while respecting the rights of, and not insulting, the overwhelming majority of honest insiders.
4. Supply Chains Are A Weak Link – HIPAA Models Lead The Way
The attenuated nature of the global economy and the supply chains that serve it means that organisations are exposed by the lack of security at their suppliers and contractors. The Business Associate Agreement model initiated under the US HIPAA (Health Insurance Portability and Accountability Act) will serve as a model for all organisations: some will adopt it, those in Europe will copy it, and those already working with a US-centric supplier will already be following it. Ultimately, most organisations will require that their suppliers and contractors adhere to the same security rules that the organisation sets for itself. This kind of agreement will become as common as NDAs (Non-Disclosure Agreements) and will be clearly enforceable under contract law.
5. Focused Targeting
Advanced Persistent Threat (APT) and malware attacks will continue to become more focused. Attacks by organised crime driven by the financial motive can be expected to increase. Attacks by nation states and non-state actors will also increase, with targets expanding from governmental ones, such as the military, to political and economic ones as well.
6. Personal Dangers
We see two areas of interest for individuals next year. Clearly there is great peril in social networking, not only in exposing behaviour, associations and locations, but also in the possibility of deception and perhaps even identity theft.
Another area is the likely increasing vulnerability of mobile applications and other threats that may emanate from smartphones and tablets.
Overall, 2014 is likely to be another year of increased cyber threats in a number of areas. Organisations should be regularly preparing their annual risk assessment and security posture audits. Digital Pathways and TAL Global recommend that organisations consider starting their cyber security review backwards in 2014. Start by identifying what is unique and important – not just what is sensitive. Then consider how an adversary would attempt to gain access, and develop physical and cyber security plans to address what you have found.