Security Threats Predictions in 2015
Article by Rishikesh Kamat
Managed Security Services
Let me start with a note on security threats that a business enterprise faces as it enters a
new year. The previous year has been a witness to an increase in number, complexity and
sophistication of attacks on enterprise security. DDoS and APT are looming dangers to
enterprise security, no longer manageable from within the security infrastructure of an
organization. These, coupled with mobile malware (despite BYOD strategies) and the
adoption of disruptive technologies like the Internet of Things (IoT), are proving to be
persistent threats to the enterprise IT architecture.
However, the situation is not as bleak as it seems. If the incidence of these threats is rising,
security providers too are gearing up to take on these threats head-on.
A Coordinated, Collaborative Approach to DDoS Mitigation
Stopping modern-day DDoS attacks requires the collaboration of enterprises, governments and
in-cloud managed security service providers. To help facilitate collaboration and address this
complex, growing problem, Arbor Networks created the Cloud Signaling Coalition (CSC).
The Cloud Signaling Coalition is an innovative industry initiative that facilitates communication
and information sharing in order to solve real-world problems, namely, denial of service attacks
that threaten the availability of data center resources.
In The Year 2015, We Will See A Trend Towards Threat
Mitigation Moving Into The Cloud
Increasing volume and complexity in DDoS attacks over the past few years is making it vital for
business enterprises to build capacity for mitigation. The industry is now building capacities to
move mitigation of DDoS attacks through the cloud. Interestingly, providers such as Arbor and
Prolexic are in the process of building capacities to be able to absorb the huge volumes of attack
What this essentially means to the enterprise is that traffic will need to be routed outside the
local geographies leading to a slew of concerns on data privacy and control. Unfortunately,
organizations will not have much choice but to adapt to this reality – and 2015 will pave the way for
an increasing trend towards this move.
Similarly, Advanced Persistent Threats (APTs) are increasing in complexity, requiring analysis,
which needs high compute power and federation of multiple sources. For an enterprise IT setup,
detection of APTs may be difficult with existing resources, but the Cloud offers a way out
here. Service providers and OEMs are building sandboxing capabilities in the cloud that allow
customers to throw malicious content into the cloud for analysis and reporting.
Internet Of Things (IoT) Introducing A New Slew Of Threats
Internet of Things (IoT) has been around us in some form or the other, and under different names,
for many years. However, this lesser-known faculty has gained prominence in recent times. IoT
essentially means the ability to connect everyday things around us and remotely manage an
incalculable number of connected devices using the Internet, and it is fast becoming pervasive. As we
become increasingly reliant on intelligent, Internet-connected and automated devices, a huge
threat looms over us – how do we protect billions of devices from intrusions and interference
which could soon become the biggest threat to personal as well as enterprise security?
The general level of security of smart devices is not up to the mark. There is a larger threat
vector for malicious entities to exploit. Attacks can range from something as simple as
hijacking the IoT devices for launching other attacks to something as severe as hacking the
devices themselves to carry out malicious activities. According to a Forrester Research report on
IoT Security issues "Privacy and security concerns are one of the top five challenges for internal
stakeholders in 21 percent of firms".
(Source: Forrester Research on IoT Security issues in October 2014)
And we are of the opinion that 2015 and beyond will see a bunch of organizations changing their
focus to secure these billions of intelligent and interconnected devices.
Mobile Malware Will Represent A Persistent Threat In
Spite Of BYOD Measures
A good 10 years back, a malware called Cabir first infected Symbian feature phones; since then
the floodgates of mobile malware have opened, making it a top security threat for devices. And
there are valid reasons for it too!
With more and more users merging their professional and personal mobile experiences onto a
single device, any malicious content downloaded while on personal use can find its way to the
corporate network when connected in office. Existing BYOD measures will have to be further
enhanced to ensure that any malicious content is kept out of the corporate network. In the near
future, given the nature of targeted attacks as well as lack of security awareness of end users,
this will continue to remain a challenge.
As security threats continue to evolve, so will the measures to counter them.
2015 will see the notion of security being a secure platform − rather than a series of point
products or devices on the network – gaining traction. The expectation on security professionals
will be to deliver a secure platform that allows the business to confidently run multiple
applications, in a secure environment.
The concept of cloud, with its pay-per-use model, will play a significant role in endpoint security.
The coming year will be an exciting time for IT security experts, as they will have to not just
prevent but also predict the kind of security threats they face and take measures to mitigate them.