Integrity Solutions, today announces the greatest security threats facing Irish businesses in 2014. Mobile malware, ransomware, increasingly sophisticated social engineering attacks and a lack of incident detection and response policies will be among the main threats this year.
Major IT security breaches continued to make the headlines in 2013. One of the largest resulted in the exposure of two million accounts from users of Facebook, Twitter, Gmail and LinkedIn, when more than 90,000 websites were victims of a targeted malware attack. In Ireland, the Loyaltybuild breach resulted in 376,000 individuals having their credit card data compromised from a sophisticated attack.
Paul Ryan, principle security consultant, Integrity Solutions commented, “2013 was a fairly turbulent year, mainly dominated by the rise and fall of Bitcoin stock and revelations relating to leaks by the NSA whistle-blower, Edward Snowden, which led to national and government debates regarding privacy policies. These debates and revelations will surely continue as there will be no easing off of cyber-attacks in the coming twelve months.”
Top 6 predictions from Integrity Solutions’ security review in Ireland:
1. Mobile malware – As consumers and businesses alike increasingly rely on mobile phones and tablets to store sensitive information such as bank details, mobile malware attacks will increase in 2014.
According to Paul Ryan, “We have seen a 300% increase in banking malware and Trojans in 2013. As nearly one in five people conduct financial transactions on their phones and tablets, this will be an increasingly targeted platform for cyber criminals”.
2. Ransomware to become more prevalent – As the malware market continues to expand, ransomware will also increase, using scare tactics to convince individuals to part with money. Ransomware attacks, to date, have been on a much smaller scale than other forms of malware but they are predicted to rise over the coming year on the back of high profile attacks. The Cryptolocker malware attack in 2013 resulted in the attackers encrypting files on infected machines and demanding the owners of the data to pay anything up to €300 ransom to have their data decrypted.
3. Increase in Social Engineering – Social engineering will potentially become much easier through the use of social networking by businesses. These avenues will be used more and more by cyber criminals to gather information. As social engineering is the practice of manipulating an individual into unknowingly sharing confidential information, a strong ongoing programme of user and executive awareness would work well to stem the loss of information in this way.
4. Cloud Computing – With the increase in cloud adoption and the volume of data that is being moved into the cloud, there is no question that it will be increasingly targeted by cyber criminals. The security debate surrounding the cloud is still ongoing and any business considering a move to the cloud needs to ask questions about their data, where it is going, who has access to it and what security measures are in place in order to ensure they are not only securing the information but also complying with all legal requirements.
5. Incident Detection & Response – Fast detection of an IT security attack has become critical, as the longer it takes a company to respond to an incident, the worse the outcome can be. A recent survey of IT and security professionals, carried out by Integrity Solutions, found it would take more than half of Irish business days or even weeks to identify if a data breach has occurred. In addition, almost a quarter (22%) of those surveyed had no plans in place to respond to an incident. This will increasingly become an area of threat for many businesses, as it is no longer a case if but when will a breach occur.
6. Risk of unpatched Windows systems – From April 2014, no new patches will be available for Windows XP and Office 2003. With over a billion computers running Windows and according to NetMarketShare, as of September 2013, more than 31% of all PCs still running Windows XP, this will become a major security concern for those who do not have migration or upgrade plans in place.
Sean Rooney, technical director, Integrity Solutions concluded, “There have been major advances in threat intelligence and new technologies which all go towards helping us to secure our systems and data. However, there needs to be a paradigm shift in the way we approach security. More businesses are beginning to understand that it is not simply about having the right technologies in place. It is also the underlying policies, procedures and awareness of the risks, complemented by a risk based approach to IT security that will help to win the battle against cyber criminals.”