There was a lot of attention paid in 2015 to the growing security threats against smartphones and Internet of Things (IoT) devices. The threats are quite real with these new technologies and can provide back doors to cyber criminals hoping to worm their way into company networks.
But in 2016, two of the biggest security threats to company networks are directed at comparatively ‘old school’ technologies: laptops and the software that runs on them. While these threats aren’t new, many security researchers predict they will become more highly targeted this year.
The reason is supply-and-demand, in that there’s a growing demand for a tighter supply of stolen corporate user credentials. This year, we can expect to see a more robust, increasingly sophisticated ‘dark market’ for stolen data and user credentials. Specialized marketplaces of stolen credentials based on industry and sector will let Dark Web users buy highly specific types of credentials to use in their criminal hacking efforts.
Employee laptops and home computers are a more attractive target.
Over the past few years, corporate networks, despite high-profile data breaches at Target and other companies, have become more difficult for malicious hackers to penetrate. As a result, the laptops and home computers that employees use for remote work, especially those that the employees own, are an ever more appealing target than before.
These computers are often used when employees stray beyond the secure company network perimeter, where they would otherwise be protected by firewalls, Web and email gateways, Intrusion Prevention Systems (IPS), and other security technologies.
McAfee Labs put its finger on the problem in its 2016 Threats Predictions report: “If attackers really want to get at your data, but find themselves blocked at every attempt against the corporate data center, then the relatively insecure home systems of the employees become the next logical target.”
This raises another supply-and-demand scenario. When it comes to mobile and remote workers, the supply is continually growing. The population of employees who regularly work from home has grown 103 percent since 2005, according to Global Workplace Analytics, with 50 percent of the U.S. workforce now working from home at least part-time.
The result: Expect to see a growing number of security-conscious companies offering advanced security technologies to their employees specifically for use at home on their personal laptops, desktops, and/or networks.
And as always, VPN software and encrypted hard drives on company laptops are among the viable options for securing company information while still providing remote workers with access to the data.
Internet-connected software and services make for popular targets.
In 2016, those who use software and services that connect to and store data on the Internet—sometimes without IT’s knowledge—will be another big target for cyber criminals and malicious hackers.
“Whether using video conferencing and voice mail, project management tools, data storage sites, or cloud-hosted applications, employees can put companies at risk by accessing and storing company data on third-party sites that do not offer proper oversight on security management,” McAfee Labs notes in its 2016 Threats Predictions report. “The opportunity for attacks targeting the back-end infrastructure to steal information, or listen to private conversations, including your conference meetings, can be exploited.”
While this isn’t a new concern, it’s certainly growing. When asked what keeps them up at night, 64 percent of global IT and IT security practitioners surveyed in a 2015 Ponemon Institute report said “not knowing where sensitive data is,” compared to 57 percent who cited that concern in 2014.
To minimize threats from the use of cloud-based services, IT should put into place standardized processes for assessing the risks to, and safeguarding, sensitive information stored in the cloud as well as on-premise.
Other steps IT can take: Track changes to access patterns to identify unusual activity; require users to employ two-factor authentication with cloud-based applications; and continue to educate users about the risks of storing and accessing sensitive information on third-party servers.
The rest of the year will bring with it new security threats, new forms of attack, and high-profile corporate security breaches. The security of mobile operating systems, especially Android, and IoT devices will continue to get a lot of the publicity this year. But it will be as important as ever to secure the laptops and desktops workers use—whether company- or employee-owned— and keep a close eye on the software and services they’re using.
Underwritten by HP Inc. and Microsoft