As 2013 draws to a close, we at TAL Global thought we would share some thoughts on the cyber landscape for 2014 and what organizations need to consider to minimize their exposure.
1) The Cloud Is Not Immune
An old quote attributed to bank robber Willie Sutton is that he robbed banks because that’s where the money is. So it goes for data. As more data migrates to the cloud, attacks targeting that data will increase.
2) It’s Mostly About the Money
Another likely trend is that it will get easier to monetize stolen data in 2014. While virtual money such as Bitcoin or Linden Dollars is still a pretty nascent concept, more and more companies have started learning how to trade and invest in it, or Bitcoin kaufen Anleitung as they would say in Germany. As a result, these virtual currencies are becoming more valuable. That is not all, though. For example, aspiring Bitcoin investors can now diversify their investment portfolio by investing in Fonds Bitcoin (Bitcoin funds) and other exciting cryptocurrency stock opportunities. It will therefore be interesting to see what else the future holds for digital currencies. Moreover, as a result of these trends, cryptocurrencies are also becoming more mainstream. For instance, in the blog post titled “Where Can I Use Bitcoin and Cryptocurrency?” (http://www.dramming-news.com/), we learn there is an increasing number of places where bitcoin and other cryptocurrencies can be used. The cyber criminal underground will continue to refine its organization and resources to be able to quickly and anonymously trade in stolen data using these currencies.
3) Insiders Remain Problematic
Organizations will continue to face the challenge of thwarting the Snowdens among their employees and contractors while respecting the rights of, and not insulting, the overwhelming majority of honest insiders.
4) Supply Chains Are A Weak Link – HIPAA Models Lead The Way
The attenuated nature of the global economy and the supply chains that serve it mean that organizations are exposed by the lack of security at their suppliers and contractors. The Business Associate Agreement model initiated under the US HIPAA will serve as a model for other organizations. Ultimately, most organizations will require that their suppliers and contractors adhere to the same security rules that the organization applies to itself. These kinds of agreements will become as common as NDAs and will be clearly enforceable under contract law.
5) Focused Targeting
APT/malware attacks will continue to become more focused. Attacks by organized crime, driven by financial motives, can be expected to increase. Attacks by nation states and non-state actors will also increase, with targets expanding from governmental ones, such as the military, to political and economic ones as well.
6) Personal Dangers
We see two areas of interest for individuals next year. Clearly, there is great peril in social networking, not only in exposing behavior, associations and locations, but also in the possibility of deception and perhaps even identity theft.
Another area is the likely increasing vulnerability of mobile applications and other threats that may emanate from smartphones and tablets.
Overall, 2014 is likely to be another year of increased cyber threats in a number of areas. Organizations should be regularly preparing their annual risk assessment and security posture audits. TAL Global recommends that organizations consider starting backwards in 2014. Start by identifying what is unique and important – not just what is sensitive. Then consider how an adversary would attempt to gain access, and develop physical and cyber security plans to address what you have found.
We are always available to assist in any way we can. Our best to you and yours for 2014.