Michael Sentonas of McAfee said that the poor cyber security foundations of many companies will continue to create opportunities for attackers in 2014.
“In 2013, I saw a number of successful high profile attacks that occurred due to poor patching, misconfigurations, out of date security, and a lack of enterprise-wide security visibility. Businesses need to understand that lax cyber security could have significant implications on their company data, operations, and financial viability,” Sentonas said.
“Organisations need to determine how quickly they can restore their critical data and bring systems back online if attacked by malware designed to freeze or destroy their network.”
As more businesses embrace mobile devices and the cloud, McAfee warns it’s important to understand cyber threats and vulnerable areas.
Here are McAfee’s top threat predictions for Australia:
Ransomware samples are expected to increase given the financial success cyber criminals have had with this software. Ransomware has typically targeted consumers but is not also targeting enterprises.
The volume and complexity of malware designed to capture identity and financial information will continue crossing over from desktops to mobile devices.
Cyber criminals will continue to give rise to destructive malware, some of which are designed to damage the victim’s master boot record, resulting in complete computer systems being rendered inoperable.
Hacktivist groups will continue to target governments in 2014, and are expected to spill over and target private enterprise.
Security tools under attack
Cyber criminals will continue to develop attacks that will be ‘sandbox aware’, or able to bypass security systems. Sandboxing is a feature, not a complete security solution.
The Internet of Things
All devices that connect to the company network should be considered endpoints that come with a level of risk, as they typically have less security and are a target for attackers.
Bypassing digital signatures
More than 1.5 million samples of malware signed with digital signatures already exist, and attackers will continue to circumvent trust mechanisms.
Security vs privacy
Expect to see some governments and corporate organisations go dark in reponse to privacy issues. Consumers privacy demands will impact security architectures, the cloud, and information sharing.
Attacks aim to exploit lax security architecture, policy, and skills shortages using tried and true methods rather than sophisticated new techniques.
An increase in targeted attacks on government, large enterprise organisations, and SMBs is expected as cyber criminals focus their attempts to financially exploit targets.