The world of IT security is by nature fast moving and continuously evolving, as security companies try to keep up with innovative attacks by cyber criminals, who in turn must work ever harder to beat more sophisticated IT security defenses, all against a backdrop of rapidly emerging new technologies, such as mobility, cloud and social media. Such challenges are by their nature global, and tend to be relatively similar across different world regions. BNamericas takes a look at some of the most significant IT security issues for 2014.
ANDROID REMAINS A MAJOR TREND, BUT IT IS EVOLVING
In line with what has been seen this year, Android attacks are set to remain a major trend in 2014, as cyber criminals continue to follow users in their strong adoption of the mobile OS. What's more, Android is easy to attack, and few users install antivirus programs on their smartphones, according to Kaspersky.
However, Android malware is evolving. Fortinet (Nasdaq: FTNT) expects Android attacks to expand to other devices in 2014, including industrial control systems, home automation systems and games consoles. Meanwhile, Android attacks are growing in sophistication, and are increasingly able to counter detection methods, according to Sophos.
Eset also believes that malware will diversify to non-traditional devices, such as cars, smart TVs, houses, refrigerators, lighting systems or toilets.
MALWARE VOLUME DECLINES, BUT SOPHISTICATION INCREASES
A somewhat more surprising prediction is that the quantity of new malware is beginning to decline. However, this is not good news, as cyber criminals are relying less on high-volume advanced malware which runs a high risk of detection, and are instead using lower volume and more targeted attacks, according to Websense (Nasdaq: WBSN).
Cyber criminals are becoming more adept at eluding identification, and are increasingly placing their servers in the darknet in order to resist surveillance, Sophos said. Meanwhile, the FBI is expected to increase its range of targets in the so called "Deep Web" this year in an effort to combat cyber crime, Fortinet said.
DATA, NOT NETWORKS, ARE KEY IN THE CLOUD
Cloud services are expanding rapidly the world over, and with them so are security concerns. Cyber criminals will focus attacks on data stored in the cloud, rather than the networks themselves, as critical business solutions increasingly run on cloud platforms, according to Websense. Organizations need to be concerned in 2014 about nation states and cyber criminals using breaches to destroy data, the company added.
Attacks on corporate and personal data in the cloud is a key issue in 2014, as security threats targeting endpoints, mobile devices and credentials begin to emerge, Sophos concurs. However, it is difficult to know at this point what form such attacks will take, the firm added.
PRIVACY CONCERNS IMPACT IT SECURITY
The exponential uptake of cloud services by corporations and individuals is also throwing up major concerns regarding data privacy and ownership. The US National Security Agency (NSA) espionage scandal which broke during 2013 has undoubtedly raised public awareness of such issues both in Latin America and worldwide, but concern regarding how governments and companies store data transcends such isolated issues, Eset said.
As well as the legal, ideological and moral debates which these issues generate, there are also direct implications for information security. It is important to understand that while measures must be taken to protect users against various types of cyber attacks, such efforts do not have the same efficiency when it comes to protecting users' privacy, the company added.
Fortinet predicts that users will begin to use data encryption in 2014 to protect critical data and intellectual property, and suggests that network security solution manufacturers will have to become more transparent regarding exactly what they can and can't protect users from.