The figgy pudding is gone, the champagne is flat. As New Year celebrations fade to the past and 2015 really sets in, one thing remains constant: cybercriminals have not changed. They’re still up to their tried and true antics, and the year will bring new, more sophisticated threats to individuals and enterprises alike. In our January Twitter #SecChat, we discussed the changing threat landscape and top threat predictions for 2015. This discussion was based on key findings and predictions from the McAfee Labs Threats Report, November 2014. Below are some of the highlights from the chat:
Which cyberthreats do you anticipate will cause the most damage in 2015?
We kicked off our #SecChat by asking attendees which threats they thought would cause the most damage this year. While diverse perspectives were shared, ransomware was a common thread in the conversation (as seen in @craigschmugar‘s answer below). In addition to ransomware, Twitter user @imuttik claimed that while 2014 was seemingly the year of crypto-vulnerabilities, 2015 could be the year of cloud abuse. According to @bsmuir, ICS/SCADA systems and open source code will also be central cyberthreat themes in 2015:
A1: Damage can certainly be defined in different ways, but financially speaking ransomware is off to a bang in 2015 #SecChat
— Craig Schmugar (@craigschmugar) January 29, 2015
A1. Also, year 2014 was the year of “crypto vulnerabilities”. 2015 may well become a year of cloud abuse. #SecChat — Prof. Igor Muttik (@imuttik) January 29, 2015
A1: ICS/SCADA will still be the most vulnerable from a “physical” perspective. But open source code will have it’s share too. #SecChat — Brent Muir (@bsmuir) January 29, 2015
What struggles with data privacy do you foresee occurring in 2015?
#SecChat attendees agreed that the topic of data privacy brings with it many unanswered questions. @Raj_Samani suggested that our standards of privacy are unrealistically high. Likewise, @mdennedy pointed out that the tug-of-war between surveillance, speech and human controls present “massive open questions.” While many participants agreed that the state of data privacy in 2015 was very much “up-in-the-air,” @SPCoulson changed the pace, asserting that companies’ should first decide what personal information is at risk and what needs securing:
@IntelSec_Biz A5 our expectation of #privacy is based on absolutes that in fairness never existed even in the physical world. #SecChat
— Raj Samani (@Raj_Samani) January 29, 2015
@IntelSec_Biz massive open questions re surveillance v speech v human controls #SecChat
— M Dennedy (@mdennedy) January 29, 2015
A5 Companies not getting to the bottom of what information is at risk, needs securing. #SecChat
— Stuart Coulson (@SPCoulson) January 29, 2015
How do you think organizations should prepare for the changing threat landscape?
In closing, we asked #SecChat participants how they thought organizations should prepare for emerging cyberthreats in 2015. @Scott_Nelson19 insisted that understanding threat motivations and preparing a breach response are key to taking cybercrime head on. A different approach was proposed by @HaifeiLi, who said that comprehensive solutions are necessary when combatting new threats. @IntelNorris suggested companies combat emerging threats by investing in a framework built for quick threat identification, communication and remediation, such as McAfee Threat Intelligence Exchange. Finally (and perhaps key to each of the above points), @ITrusevych said that staff education and training is vital when preparing for new threats:
A7 Understand motivations of threat: destroy assurance & privacy or create liability, practice diligence & prepare breach response #SecChat
— Scott Nelson (@Scott_Nelson19) January 29, 2015
A. Final: Comprehensive solutions needed, network/endpoint/sandboxing, no single solution can protect against all the threats. #SecChat
— Haifei Li (@HaifeiLi) January 29, 2015
@IntelSec_Biz A7: Invest in a network framework that can quickly identify, communicate and remediate potential threats such as TIE #SecChat
— Norris Brazier (@IntelNorris) January 29, 2015
A.Final: Organizations need to continuously train their staff #SecChat
— Ivan Trusevych (@ITrusevych) January 29, 2015
Our #SecChat covered a lot of ground on the topic of cyberthreat predictions for 2015, from discussing the inevitable growth of ransomware to suggesting measures organizations should take to optimize network security as the year progresses. Thanks to all who joined the conversation! To view the full chat on Twitter, check out the #SecChat hashtag, and be sure to follow @IntelSec_Biz to stay informed about upcoming chats.
The post January Twitter #SecChat Recap—New Year, New Cyberthreats: What’s in Store for 2015? appeared first on McAfee.