The widespread adoption of mobile devices, proliferation of applications and growth of cloud computing are helping accelerate business innovation in Australia, enrich our personal lives and allow us to stay connected continuously. However, with greater access to information, today’s always-on world brings with it a new and ever-changing set of security challenges.
According to the Verizon “2011 Data Breach Investigations Report,” the number of data attacks has tripled in the past five years, making the need to balance security with risk an even greater priority for businesses and consumers.
With cybercrime gaining momentum in recent years – both in the consumer and business spaces, we all need to ensure our information and devices are safe. In some cases, cyber attacks have occurred and the user has had absolutely no idea that their system was breached until well after the incident. Therefore, the first step in preventing cybercrime is to stay alert to potential suspicious activity and be aware of the risks. This includes small changes that cannot be explained or security log files that do not correlate with the legitimate activity of the business. By staying alert, users can guard against the following security threats in 2012:
Mobile malware is on the rise
Malware targeting mobile devices will continue to increase, and enterprises will wrestle with how to protect users. Obvious targets will be smartphones and tablets, with all mobile platforms likely to experience an increase in mobile attacks.
Criminals target and infect app stores
Infected applications, rather than browser-based downloads will be the main sources of attack. Because they are not policed well, unauthorised application stores will be the predominant source of mobile malware, with cybercriminals posting their infected applications here in an attempt to lure trusting users.
Application scoring systems will be developed and implemented
To reassure users, organisations will want to have their application source code reviewed by third parties. Similarly, organisations will want to be sure that the applications approved for use on workers’ devices meet certain standards.
Emergence of Bank-Friendly Applications with Built-in Security
Mobile devices will increasingly be used to view banking information, transfer money, donate to charities and make payments, presenting an opportunity for cybercriminals who will find ways to circumvent protections.
Hyper-connectivity leads to growing identity and privacy challenges
In today’s business environment, more users need to legitimately access more data from more places. This requires the protection of data at every access point by using stronger credentials, deploying more secure, partner-accessible systems and improving log management and analysis. Compounding the issue is a new age of cross-platform malicious code aimed at sabotage and mounting concerns about privacy.
New risks accompany move to digitised health records
The concept of e-health records has been in the spotlight lately as the Australian Medical Association (AMA) continues to lobby the Australian government to change its e-health record policy to an ‘opt-out’ model. As health records become more and more digitised, new, mobile devices will be introduced that send sensitive information beyond the traditional boundaries of health care providers creating a greater security risk.. Along with the need to secure newly implemented e-health systems, securing mobile devices and managing mobile clinical applications will continue to be an ever-increasing focus in the healthcare industry, to comply with strict Australian privacy regulations.
Mobile and medical devices will begin to merge
Mobile devices and health care apps will proliferate, making it easier, for example, to transform a smartphone, into a heart monitor or diabetes tester. As interoperability standards mature, more mobile devices and traditional medical devices will become nodes on an organisation’s network. These devices also will be susceptible to the same threats and vulnerabilities that other network-attached peripherals face.
New concerns will surface about IPv6
The federal government is still struggling with the rollout of IPv6-enabled devices as organisations migrate from IPv4. This will be an ongoing concern and IPv6 specific vulnerabilities and threats will continue to cause trouble during 2012.
Social-engineering threats resurface
More targeted spear-phishing -- an email-fraud attempt that targets a specific organisation, seeking unauthorised access to confidential data – will be the major social-engineering threat of 2012. Efforts to educate user communities about safe computing practices, will continue to be a challenge as the user base of smart devices increases dramatically.
Security certification programs will increase in popularity
Certifications will continue to increase in the government and private sectors. Internet threats will continue to affect business, government and user confidence and wreak havoc on computing devices in the office and at home.
‘Big data’ will get bigger, and so will security needs
“Big data” -- large data sets that can now be managed with the right tools -- will be popular in 2012 as more companies derive greater value through analytics. Companies will use the data to create new business opportunities while empowering evidence-based decision making for greater success.
Safeguarding online identities will no longer be optional
With the rampant growth of online identity theft, consumers, businesses and government agencies are seeking ways to better protect their identities. These groups will look to the private sector to provide a cost-effective solution that helps to safeguard their identities and create greater online trust.
John Karabin is the Area Vice President of Verizon Business