Many experts agree that 2013 was the year of advanced malware. Individual and enterprise users saw new, more complex cyberthreats, including ransomware and botnets. However, as the year draws to a close, many are wondering what the next year has in store and what steps can be taken to combat these upcoming cyber dangers.
Threats to watch for in 2014
This year, ransomware including Cryptolocker received much media attention as users were being locked out of their files and forced to pay attackers for a decryption key. In some cases where the ransom was paid, individuals were able to regain control over their content, although others reported paying hackers and still being prevented from accessing their personal information. Experts predict that this trend is set to continue in 2014, however, attackers scope will widen to include not only individual users, but businesses as well, according to Computerworld.
As this trend becomes more prevalent, administrators will need to ensure that their sensitive data is protected. This way, if victims choose to pay, cybercriminals reap the financial benefits; if companies decide not to shell out the money, attackers still have access to important files which can be used for fraudulent purposes or sold.
Industry professionals also expect to see more targeted attacks in 2014, including malware campaigns aimed specifically at federal agencies, small businesses and large enterprises. These groups will be pinpointed by malware authors using both traditional and more complex routes to exploit victims for data leakage and monetary gain.
Predicted mitigating strategies
How will organizations deal with these upcoming cyberthreats? According to Network World contributor Jon Oltsik, research has shown that 41 percent of businesses have plans to create and establish a more integrated data security infrastructure. Experts advise designing a three- to five-year plan for putting this initiative into effect, which will include “replacing tactical point tools with an architecture composed of central command-and-control along with distributed security enforcement,” he wrote.
Additionally, 44 percent of companies said they plan to make security operation processes more automated to improve endpoint data protection and enhance information safeguard effectiveness. Oltsik noted that this is a beneficial move, as manual processes can lead to informal connections between security and IT operations, which could create opportunities for data leakage.
Research also showed that 49 percent of enterprises plan to mitigate cyberthreats by collecting and analyzing an increasing amount of security information. These efforts will help administrators create new policies for data loss prevention.