Tuesday, 14 January 2014
UK Information Security Threat Horizon 2014
I was asked for my views on the Threat Horizon, specifically what attacks and trends do I expect to impact UK businesses in 2014, so I thought I'd share my thoughts. The following are my own views, and they are not based on any specific studies or reports, but on what I've generally read, discussed and trends I have seen affecting UK businesses in the last couple of years.
Cloud Data Protection
UK businesses continue the 'Cloud Rush', meaning more and more confidential data is going into the cloud. I don't think this is so much a Snowden privacy revelation issue with government spying, but I see the problem is that UK businesses are being taken in by the marketing cost-saving glitz, and so are blindly trusting cloud service providers. At the end of the day a cloud service provider is a third-party service provider. A cloud service purchased by a business, where the third party is charged with adequately protecting confidential information, must be properly vetted and risk assessed. I think there will be UK businesses in 2014 that will come a cropper and suffer a data breach due to an inadequately secured cloud service.
Distributed Denial of Service (DDoS) attacks are increasingly hitting UK businesses, both large corporations and SMEs. The sources of such attacks range from very public hacktivism to very private blackmail attempts. Most UK businesses don't have decent or any DDoS defences in place, hence why this attack vector is increasing in popularity in the UK.
Windows XP / Office 2003
After April 2014, Microsoft will no longer support Windows XP and Office 2003; this means no further security patches will be released to resolve any newly discovered vulnerabilities in Windows XP and Office 2003. As a result I expect Windows XP to be targeted in 2014. However, I think if a serious enough vulnerability was uncovered in Windows XP, Microsoft would still patch it, but this is my own assumption, so don't quote me on that. But the real problem here is many UK businesses, and indeed many citizens in the UK, will still be using Windows XP past April 2014.
Malware will continue to become ever more sophisticated, and there will be more crafted and targeted malware attacks against UK organisations. Sure, you don't have to be Mystic Meg to predict this one, as this is a trend that continues year on year. Having said that, it's pretty clear that ransomware is making a big comeback at the moment, which may well have a serious impact on some UK SMEs in 2014.
Mobile devices will increasingly be targeted, as they are every year. Nothing new, but mobile platforms are increasingly becoming the lowest hanging fruit in gathering confidential information from UK businesses, especially those that do not adequately control their Bring Your Own Device (BYOD) schemes and employee devices.
Finally, I predict there will be plenty of UK businesses that will suffer data breaches for not providing even the basic level of information security. This is a no-brainer prediction for 2014 for most in the InfoSec industry, yet unfortunately I will be proven right on this one.