As we begin the New Year, below are Juniper Networks’ 2015 Security Predictions. You can also find the full-sized graphic of the top security predictions on Slideshare.
2015 will be an interesting year for security. As companies work to secure their systems and users, adopting new technologies like mobile payments, two-factor authentication, and advanced machine learning solutions, the bar of experience and skill required to breach these environments will increase dramatically. For the first time, I feel our industry is well suited to surpass the capabilities of the majority of attackers. The result will be fewer attacks, but for the companies unlucky enough to be targeted, each attack will likely be far more organized, creative, stealthy and powerful. Organizations need to understand what value they are protecting and adopt appropriate leading-edge solutions, always mindful that by not keeping pace with the rest of the industry, they become the sole targets for the hackers these new technologies are stopping.
The Black Market Continues to Grow and Mature
According to a study from the RAND Corporation and Juniper Networks, hacker black markets have reached a significant level of maturity. In 2015, we are likely to see the continued expansion and maturity of hacker black markets. Fueled by the continued vulnerability of point-of-sale systems and an influx of cloud services, the market opportunity for economically motivated attackers will continue to grow.
We are likely to see new hacking tools and exploit kits being developed to exploit vulnerabilities in computer systems. Further, despite crackdowns on dark websites like Silk Road by the FBI and other law enforcement, new markets will quickly open to take their place to meet the significant demand for stolen records and other illicit goods. There will likely continue to be a significant supply of credit card and other online credentials being sold on the black market, driven by mega breaches at major cloud providers and retailers.
Data Science Spreads to Security
With the continued focus of the industry on providing better and more actionable threat intelligence, we are likely to see a rise in demand for data scientists in security. While they are already in high demand in other fields, the need for data scientists capable of making more accurate and effective correlations of threat data will increase. The companies capable of best applying data science to security will find competitive differentiation in the marketplace by being able to deliver more reliable and useful intelligence about attacks and attackers.
Securing the Internet of Everything
As more devices are connected to the internet, we are likely to see attackers follow as the potential for attacks increases. The Internet of Everything means that many companies that haven’t traditionally had to worry about software security now need to be responsible for it. The potential consequences could be significant. The ability for an attacker to remotely control medical devices, cars, thermostats and other physical systems could create a significant threat to society. It will be incumbent on companies developing these technologies to focus on security in the development process, as well as develop better ways to quickly patch systems when problems are found. If not, the potential for software hacks impacting critical physical environments and systems will increase significantly.
Mobile Payments Will Drive More Secure Payments
With the rise of Apple Pay, Softcard and other forms of mobile payments, 2015 will be the year mobile payments go mainstream. Considering mobile payments are in many ways more secure than current point-of-sale purchases, consumers will increasingly adopt this form of payment as a viable method for purchases. This will ultimately make payments more secure in the short term. However, it’s only a matter of time before attackers find ways to effectively compromise mobile payments.
Upswing in User Privacy
User privacy will play a huge role in the development and adoption of new products. In light of recent revelations about widespread government and law enforcement surveillance programs, people are far more sensitive about their privacy and companies are beginning to react. For example, Apple greatly improved the security of its new iPhone and operating system by introducing encryption by default in a way that not even Apple can gain access to the data. As a result, Apple made it impossible for itself to assist other parties, like the government, in getting access to user information, forcing them to go directly to the user.
In addition to greater security in mainstream products, it’s likely that privacy-friendly communications apps will become more mainstream. Applications like Wickr and Silent Circle will gain in popularity as people become more privacy-conscious.
Two-Factor Authentication Will Apply to the Masses and Kill the Password
More and more companies will adopt two-factor authentication and introduce it to their general user population or enable it by default. Apple, Google and Microsoft have been utilizing it for some time, but other companies ranging from SMBs to large enterprises will employ the verification process to get away from the relative insecurity of passwords. This could reduce the frequency of credential hacking of cloud and other online services in the short term. However, in turn, hackers will eventually become more successful in their quest to break these new systems.
Consumers Will Take Security Into Their Own Hands
There will be an increase in the number of security services that consumers use to secure their data, versus relying solely on the companies collecting it. Consumers are beginning to realize that the companies they do business with are not adequately protecting them. In 2015, they will look to third parties to help address their lack of trust and faith. In particular, there will be increased use of password managers and fraud monitoring services.