2014 is less than one month away, what better time to ask ourselves about the top security trends to watch for in the coming year.
Malware Creation: OK, this won’t sound too original but it is a safe bet to say that malware creation will hit a new record high in 2014. Actually, such was the case in 2013, 2012, etc. Most new malware will be variants of known malware conveniently modified to bypass security products.
Vulnerabilities: Security holes in Java have been responsible for most infections detected throughout 2013, and this is not likely to change during 2014. The fact that Java is installed on billions of computers and is apparently affected by countless security flaws has made it a favorite target of cyber-criminals. There is no exploit kit on the market worthy of that name that doesn’t exploit a set of Java vulnerabilities.
Social Engineering: Social engineering is a field that gives cyber-crooks freedom to show their creativity. After vulnerabilities, the second most frequent cause of computer infections is… users themselves, who many times fall into the trap set by cyber-criminals. Despite many scams propagate via email, most of them occur on social networking sites, a meeting place where users share information, but also the perfect place for malware to spread.
Mobile Malware: Android will continue to be the number one mobile target for cyber-crooks in 2014, and the coming year will set a new record for the number of threats targeting this platform.
Ransomware: In addition to banking Trojans and bots, ransomware will be one of the most pervasive threats in 2014. Get ready for new waves of malware asking victims to pay a ransom to unlock their computers, access their files (CryptoLocker), remove supposed threats (fake antivirus software), or even pay a ‘fine’ for supposed illegal activities (Police Virus). Ransomware allows criminals to obtain money directly from users, and so we can expect it to soar and extend to other types of devices, like smartphones, for example.
Corporate Security: As malware attacks become increasingly aggressive (look at CryptoLocker for example) and the number of targeted attacks suffered by companies rises, there will be a demand for extra-tight security measures that go beyond the protection provided by a “traditional” antivirus. Traditional perimeter solutions are still a necessity, but they have become obsolete in some of the new scenarios companies have to face: users who bring their own devices to work and connect them to the corporate network… Not to mention the espionage operations conducted by governments themselves (NSA, etc.). It is for all these reasons that new solutions will be released capable of responding to these needs and offering protection levels that ensure data security and integrity much more effectively.
Internet of Things: The number of objects and devices connected to the Internet is ever-increasing, and will continue to do so. IP cameras, TVs, multimedia players are now an integral part of the Internet, and often share a characteristic that sets them apart from other devices such as laptops, smartphones or tablets: Users rarely update them. As a result, they are extremely vulnerable to security flaw exploits, and so we are likely to see attacks that target these devices as well.