But some of the most dangerous attacks come from the inside. These attacks can be the most devastating, due to the amount of damage a privileged user can do and the data they can access. In a study funded by the U.S. Department of Homeland Security, the CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute and the U.S. Secret Service, researchers found malicious insiders within the financial industry typically get away with their fraud for nearly 32 months before being detected. Trust, as they say, is a precious commodity – but too much trust can leave you vulnerable.
Threat #4: BYOD
The issue of trust comes into play in the mobile world as well, with many businesses struggling to come up with the right mix of technologies and policies to hop aboard the BYOD trend. Users are increasingly using their devices as they would their PCs, and by doing so are opening themselves up to web-based attacks the same as they would if they were operating a desktop computer.
Attackers are also likely to make more attempts to circumvent the app review and detection mechanisms mobile vendors use to guard their app markets. All this means that the flood of iPhones, Google Android phones and other devices making their way into the workplace is opening up another potential gateway for attackers that needs to be secured. Think about it – your smartphone has a camera. It has a microphone. It can record conversations. Add these features to the ability to access your corporate network, and you have the ideal stepladder to climb the walls we are talking about.
Threat #5: Cloud security
BYOD is not the only thing changing the walls corporations must build around critical data, however. There is also this little trend called cloud computing. With more companies putting more information in public cloud services, those services become juicy targets, and can represent a single point of failure for the enterprise. For businesses, this means that security must continue to be an important part of the conversation they have with cloud providers, and the needs of the business should be made clear.
Threat #6: HTML5
Just as the adoption of cloud computing has changed the vulnerability surface, so will the adoption of HTML5. Earlier this year, it was noted at the Black Hat conference, a place where security pros can get a sign of attacks to come, that HTML5's cross-platform support and integration of various technologies open up new possibilities for attack, such as abusing Web Worker functionality.
Even with an increasing amount of attention being paid to HTML5 security, the newness of it means that developers are bound to make mistakes as they use it, and attackers will look to take advantage. Expect to see a surge in HTML5-oriented attacks next year, hopefully followed by a gradual decline as security improves over time.