5 Cyber Security Predictions for 2015

Crystal-ball-photo-for-blog

Imperva has been in the business of protecting the high-value applications and data assets at the heart of the enterprise since 2002. In the years since, we’ve gained tremendous knowledge about cyber security and the origins and nature of cyber attacks. This knowledge has come from analyzing the data collected by our SecureSphere products in installations around the world, as well as from working closely with over 3,500 customers from across many industries.

When security vendors are challenged at the end of each calendar year to come up with predictions for the year ahead, we like to combine the data we’ve collected from our products with the insights that we’ve gathered from our customers, to come up with some meaningful commentary and helpful guidance. What follows are our predictions for the year ahead, with more to come throughout the year as we continue to analyze what our products have to tell us about how the security landscape is evolving.

2015

1.    The year of revolt

2015 could be the year when merchants in the US revolt against the credit card companies’ policy of sticking them with both the liability for fraud and the responsibility for protecting what is essentially un-protectable: credit card numbers that have to be shared in order to be used, and which can be abused simply by knowing what they are. Fallout from such a change could vary widely, but it’s possible that we will see the rise of separate infrastructure for secure payments (like ApplePay) or a more secure credit card infrastructure (chip and pin) in the United States.

2015 could also be the year when consumers revolt at the prospect of having to change their credit card numbers so often.  This has been the typical response to mega-breaches with lots of issuers cycling cards.  While this is ultimately in the consumer’s best interest, it’s a pain for people to re-sign up for automatic payments, update records with their various business associates and begin anew.  Besides resulting in the rise of separate infrastructure for secure payments (above), could we see a credit card outcompete their peers based on cardholder security?

2.   The rise of Cyber Insurance

Due to the breaches in 2013 and 2014 that wreaked havoc on the businesses, brands, reputations and leadership of way too many enterprises, 2015 will be the year that Cyber Insurance gains velocity and popularity. The Board and the C-Suite will have an appetite for reducing risk by offloading it to insurance providers. Government agencies and insurance companies are already at work establishing guidelines to support the growth of the cyber insurance market.  Reduced Cyber Insurance premiums could be a new business benefit touted by security vendors, as premiums are reduced when a company demonstrates proof of having critical security controls in place.

See how Imperva can help you jump start your efforts to reduce risk.

3.   The “cloudification” of IT will accelerate

In 2015, the “cloudification” of IT will accelerate, and we will see some big organizations using the cloud, including more and more financial institutions offering services via SaaS platforms.  New compliance mandates for the cloud (ISO 27016, SSEA 16 etc.) are contributing to this phenomenon, because they enable businesses to validate their security posture and risk levels.

This leads us directly to a longer term prediction:  By 2017, the term “on-premises data-center” will be a term of the past for the small- and mid-size business market, which will move entirely to the SaaS model.

Access this reference architecture for protecting your AWS-based web applications. It capitalizes on Skyfence which can be used to protect all your SaaS applications.

4.   The first Big Data-related breach

As practical applications for Big Data grow, and the amount of information managed by businesses of every size reaches astronomical proportions, the temptation for hackers to secure the prize of being the first to hack a Big Data installation will mount as well.  In 2015, the first big Big Data-related data breach will occur. The lack of administration and security knowledge in such installations, combined with the advancements in server side attacks by hackers will result in hackers trying to and successfully infiltrating this growing platform.

Learn how to address the top threats facing database and Big Data resources.

5.   DDoS Attackers Take a Page from the APT Playbook

In 2014, DDoS attacks became much more sophisticated. Though much of the reporting focused on the size of attacks, a more troubling trend was the advancement in attack techniques. Much like their APT brethren, DDoS attacks can now morph and adapt based on the defenses in place. Hackers also dupe sites using impersonation, looking for vulnerabilities and cataloging them for future exploit. Though not as stealthy as APTs, DDoS attackers are learning from the successes of APT hackers and adopting some of their techniques for an equally troubling network based attack trend. And DDoS attacks are becoming increasingly common; a majority of organizations can expect to be hit with DDoS attacks in 2015. (Sources: Incapsula DDoS Trends Report 2014, DDoS Impact Survey 2014)

Download this comprehensive handbook that outlines best practices for planning and executing a DDoS response plan. 

What are your thoughts on what lies ahead this year?