Cybersecurity challenges in 2013

The security issues affecting businesses are similar around the world. Most involve employees innocently bringing an infected personal mobile device into the corporate network, or clicking on a social media link that looks harmless but hides a Trojan or worm that will secretly steal data and money and, potentially, remain undetected with severe impact on security of the infected device.

And while this this year will see more of that, we will also see major cybersecurity challenges to businesses coming from an increase in exploit kits, an increase in mobile device cybersecurity threats, and more sophisticated threats in general. Let's dive deeper:

- Increase in exploit kits: Exploit kits represent the dark but massively profitable side of cybersecurity attacks. Exploit kits comprise malicious programs. They quickly identify and then attack cyber vulnerabilities and spread malware.

[ ROUNDUP: 13 of the biggest security myths busted ]

Exploit kits are created, sold and rented on the black market. We predict they will be increasingly used because of their ease of deployment (rental model) and ease and speed of infection they deliver. The impact of these attacks will be felt in loss of data, IP, identify theft, financial fraud and theft, as well as in diminished business productivity and continuity.

We expect to see exploit kits targeting Windows 8, Mac OS X and mobile devices, particularly Android-based, in 2013 as these three targets represent fast-growing segments used by corporates and consumers alike to transact communications, business and commerce.

The growth of malware will continue at an explosive pace. In 2012, Dell SonicWALL identified nearly 16 million unique malware samples through its GRID (Global Response Intelligent Defense system) compared to 13.5 million in year 2011. Already, there are around 44,000 new malware samples every day.

[ ALSO: The future of malware ]

- Increase in mobile cybersecurity vulnerability: The adoption of near field communication technology for mobile payment systems makes mobile platforms an attractive target for financially motivated cybercrimes. And the increased use of personal devices in businesses -- thanks to trends like BYOD (bring your own device) -- creates entirely new cybersecurity issues, from loss of company data and IP, to financial threat and non-compliance issues, to name a few.

As social media continues to be adopted universally for personal and business purposes alike, malware will increase dramatically across Facebook, Twitter and Skype in 2013. This triple threat threatens targeted mobile devices at the point of commerce, through their access to corporate networks and through their access to social media channels. It will be particularly dangerous and become more advanced and prevalent. [Also see: "Who owns that Twitter account?"]

- Increase in sophistication of cyberattacks: Last year we saw cybercriminals abandon older scareware methods such as fake antivirus scams and move over to ransomware scams. We expect to see this continue and become more global and multilingual, which also represents a growing threat to Latin Ameria. Ransomware attacks lock down a computer, device or service and holds the data hostage, or even threatens court action if the user does not pay. These are very devious attacks that are embedded deep into the computer or device and it is nearly impossible for an average user to regain control over his own system and data.

The sophistication and ability to attack and paralyze websites will continue to grow at dramatic pace. For example in 2011, there were 1,596,905 DDoS (distributed denial-of-service) attacks compared to 120,321,372 in 2012. As businesses of all sizes continue to move services and infrastructure to the cloud, the issue of DDoS will be high on many agendas at it has the potential to quickly cripple entire cloud infrastructures.

Viruses, trojans, worms and ransomware do not differentiate between a large or small business. They represent the same risk, no matter if you have a lot or only very little budget to invest in network security. Irrespective of the size of your business, these threats can mean loss of profitability and productivity, loss of data and financial assets, and potentially catastrophic loss of business continuity. It is likely that small businesses are more likely to fall pretty to these attacks, because they do not have the budget, IT infrastructure or support that a large business can afford. On the other hand, the more people a business employs, the greater the vulnerability of its network.


Steps to take

The most important steps for a business of any size to protect itself from cyberattacks is to be aware of the most obvious and dangerous variants. Second, it is key to educate employees how to recognize and avoid accidentally bringing a virus/malware/trojan into the corporate network. A recent survey by Dell SonicWALL customers shows that 68% of all businesses reported that employees cannot identify fraudulent attacks on the corporate network.

It is the dirty little secret of the beautiful world of social networks and mobile device interconnectedness that they are a breeding ground for malware and Internet criminals. Many businesses believe their existing firewalls will protect them from an attack. The reality, however, is that old firewalls pose a serious security risk to organizations today.

First-generation firewalls technology has become obsolete as it fails to inspect the data payload of network packets circulated by today's Internet criminals. To prepare and protect from the massive growth in social media, applications, BYOD and multi-media files flowing through a corporate network, entirely new technology is needed. It is today's next-generation firewalls that include advanced technology such as application intelligence and control, intrusion prevention, malware protection and SSL inspection at multi-gigabit speeds, scalable to support the highest-performance networks and protect them effectively from the modern threats every user of email or the Internet encounters on a daily basis.

If an organization does business anywhere on the Internet, it is likely not a question of if, but when it will be targeted by cybercriminals. While no protection is ever perfect, there is much that business can do to minimize and deflect the impact of these potential threats. Especially, the IT organization should closely collaborate with the company leadership to identify vulnerabilities lie, prepare with appropriate countermeasures including advanced high-performance, high-redundancy network security components, and educate employees for the best possible defense and protection of business assets.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Firewall & UTMNear Field Communicationanti-malwaretrojanransomwaredistributed denial of service next generation firewallcybercrimewormmobile paymentsmobile malwaresecurityddosexploit kitslegal

More about DellFacebookSkypeSonicWall

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Dmitriy Ayrapetov, director of product management of Dell SonicWALL

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place