Get ready for invited break-ins, malware-ridden apps and spoof attacks
by Dominique Karg - Chief Hacking Officer at AlienVault - Tuesday, 18 December 2012.
Let’s get mission-critical

With a depressed economy many organisations are looking for the miracle technology that will help them speed innovation, increase agility and improve financial management. Cloud has been touted as the very ‘miracle’ we’ve all been searching for – but insecurities have prevented many from taking the final leap. I think that could change. In 2013 I foresee out-of-the-box cloud infrastructures continuing to provide mission-critical, next-generation platforms for businesses providing a solution-driven all-in-one security environment for those companies looking for best-in-class protection. Notice anything awkward about the previous sentence?

While we’re on the subject of Cloud computing, compliance will be a big business driver. While many condemn legislation, it can sometimes be the necessary evil. My opinion is that, in this case, it will provide both large and small companies with a better approach to the BYOD problem.

Big brother

In the last few years we’ve seen a number of high profile governments pointing the finger at each other with accusations of state sponsored spying. I think these ‘occasional’ rumblings about Government-sponsored site crawling searching for threats disguised behind the clever but criminal use of technology will increase. While I’m not sure which side of the fence I sit on when it comes to this kind of government cyber-sleuthing, what I do applaud is that it will raise public awareness of these and similar dangers lurking in cyber-space.

Spoof attacks

If the economy continues to sag--and I don’t need a crystal ball to predict that it’s highly likely to--then targeted crime will continue. Unfortunately, it is the end user that makes the easiest target for phishing and malware scams. I think we need to prepare for some creative campaigns -- people selling items that they don’t have to steal money. With what I’ve learned over the years, if I were struggling to feed myself and lacked morals, I could think of a variety of colourful campaigns that I could launch against the less tech savvy.

A new buzzword is born (or will be)

Acronyms and buzzwords litter the technology arena, particularly in correlation with enterprise risks. For example, APT – or advanced persistent threats, caused many to quiver with fear resulting in numerous consultancy projects and clueless organisations investing heavily in a myriad of defences. In the last few years, the budgets allocated to thwart APT have dwindled. What’s needed is a new scary acronym for specialists to band about – how about NBM’s (no boundary menaces) or perhaps AEK’s (axis of evil kamikazes). While you may laugh, I’d bet at this very moment a marketing genius somewhere is busily working his way through the thesaurus to come up with the NBT (next big threat).

Each year predictions are made, and warnings issued, in preparation for another twelve months. Yet, year after year, we still find ourselves surprised when attacked and more unprepared than we thought we were. We’ve all learnt to be streetwise to keep ourselves safe in the real world, yet we leave that astuteness behind when interacting virtually. In 2013 I urge everyone to think before they click - my rule of thumb for even the most basic users - if you don’t trust it, don’t do it.

Oh, and if you really want a set of predictions that will help you, look at some 10 year old “biggest real threat wrap-up” and put the recommendations into play.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th