After a series of high-profile security breaches in 2015, including the attack on the Office of Personnel and Management, cybersecurity will continue be a significant concern for individuals, organizations, and government agencies alike in the year ahead. Those who threaten US cybersecurity will go to great lengths to interfere with the nation’s cyber defense measures through increasingly evasive technological means.
The results of the Dell Security Annual Threat Report highlighted several cybercrime trends and predictions, as well as areas which have experienced the most targeting and intrusions, and which could be most at risk in 2016.
The data for the report was collected by the Dell SonicWALL Global Response Intelligence Defense (GRID) network, which receives information from numerous sources, including more than one million firewalls, tens of millions of endpoints, Dell SonicWALL traffic, intelligence from freelance security researchers, and other methods used by industry.
The report aims to give organizations realistic, evidence-driven suggestions so that appropriate preparation could be made to deter attacks. Four cybercrime developments were identified in the report:
1. Exploit kits are evolving to stay ahead of security systems.
2. There has been an increase in SSL/TLS encryption, providing cybercriminals greater opportunity to obscure malware from protective firewalls.
3. Android malware is on the rise, with the financial sector as the primary target.
4. Malware attacks nearly doubled in 2015, causing significant damage to government agencies, organizations, and even individuals.
The report noted that many breaches in 2015 were not a result of people having no security measures in place, rather, there were measures which were lacking.
“Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims’ security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem,” said Curtis Hutcheson, general manager, Dell Security.
According to the report, “Once again in 2015, a massive number of breaches succeeded against organizations who thought they were doing everything right. The solution is for companies to approach security as an end-to-end problem. From the creation and storage of data to its consumption and every transit channel in between, if security is weak at any point, the whole system risks collapsing.”
Dell said that throughout 2015, the company blocked 2.17 trillion IPS attacks and 8.19 billion malware attack efforts. Unique malware samples increased 73 percent when compared to 2014, and tripled in comparison to 2013.
“Each successful attack provides an opportunity for security professionals to learn from others’ oversights, examine their own strategies and shore up the holes in their defense systems,” said Hutcheson. “At Dell Security, we believe the best way for customers to protect themselves is to inspect every packet on their network and validate every entitlement for access.”
It is vital that the government, and organizations and individuals, remain aware and prepared to defend their cyber identity. Dell has observed that security needs to reach past one’s own software and systems, employee training, and all those with network or data access.
Moving forward into 2016, Dell has predicted various trends based upon the findings from 2015, and the level of growth and fluctuation seen over the past few years.
First, companies will continue to be concerned over how HTTPS encryption and threat scanning procedures will affect performance. With the detection of certain viruses in 2015, it is expected that the amount of these types of viruses will diminish as browsers, such as Google, no longer utilize Flash plugins.
Threats of a malicious nature may target Android Pay through sensitive Near Field Communication (NFC). This could in turn use Android apps and point-of-sale (POS) terminals, which can be easy for hackers to obtain and reconfigure. Lastly, those vehicles which use Android Auto, could experience malicious hacks, via ransomware (payment would need to be made to be able to exit the vehicle), or with even more dangerous repercussions.
To ward off cyber threats in the future, Dell asserts that organizations should “picture a security program as one of architecture’s most fundamentally stable shapes: the arch. If all the pieces of the arch are in place, it’s an unshakeable structure, even gaining strength as it gains load. However, if one of the pieces of the arch is missing or flimsy, the arch will crumble under the slightest weight, no matter how strong the other bricks are.”
