News Feature | December 1, 2014

Websense Cybersecurity Predictions Released For 2015

Christine Kern

By Christine Kern, contributing writer

NRF Organized Retail Crime

Websense has released its list of cybersecurity predictions for 2015. The year 2014 was fraught with data breaches and challenges to security across industries and technologies.  “Cybercriminals are continually adapting evasive techniques and methods so they can circumvent the security systems that were specifically put in place to stop them,” Charles Renert, vice president of Websense Security Labs, says in a press release. “By thoroughly analyzing recent cybercrime trends and tactics, we have established a common thread across each of these predictions: threat activity is increasing in frequency and sophistication.”

Cybercriminals were responsible for massive data breaches initiated at physical locations, as well as for attacks on data stored in the cloud. Hacks also revealed vulnerabilities of outdated code.  This new report presents the predictions of cybersecurity researchers from Websense Security Labs.

“With a new year of threats just on the horizon, our predictions aim to help security teams stay a step ahead of the threats and vulnerabilities anticipated to impact their organizations,” says Carl Leonard, Websense principal security analyst. “Our security teams constantly analyze the landscape to identify the most effective ways to safeguard our customers from the repercussions of tomorrow's threats.”

Findings Include Warnings For Healthcare, IoT, Along With Payment

Among the report’s predictions is an increase in cyberattacks on healthcare. Particularly as the healthcare industry transitions to electronic records, security lapses may occur, allowing for cyberattacks to increase.

The experts also say that attacks on the Internet of Things (IoT) will focus on businesses, and not on consumer, products since the new protocols associated with connected devices allow new opportunities for malicious attacks to garner protected data. According to the report, “Attacks are likely to attempt to use control of a simple connected device to move laterally within an organization to steal valuable data. In the coming year, manufacturing and industrial environments, in particular, are likely to see an increase in attack volume.”

Cybercriminals will also likely accelerate the pace of the theft of credit card data, targeting a wider range of customer information, and then selling that information to the highest bidder.

When it comes to mobile devices, hackers will be targeting credential information rather than data, stealing authentication information to be used later.  Increasingly, researchers say, there will be more use of mobile phones to access information in the cloud.

Like Open SSL, Heartbleed, and Shellshock, which emerged in 2014, attacks will exploit vulnerabilities lurking in outdated source code in 2015.  One contributor to these vulnerabilities is the reliance on open source code, which allows for backdoor access to be overlooked. 

Email threats will take on a larger role, with a new level of sophistication and evasiveness. They will play an increasing role in reconnaissance for major attacks.

With the increase in the use of cloud and social media tools, criminals will move their command and control instructions to legitimate sites, making it increasingly difficult to discern malicious traffic from legitimate traffic.  This means that cyber criminals, predicted to grow globally, will become even more invisible.