The Top 15 Security Predictions for 2015

Predictions are everywhere. Most security companies now make them. As I examined 2015 lists and checked them twice, everyone is saying that our online situation will get worse. But how much worse? What surprises await us? Here's what technology experts are saying - along with my naughty and nice labels.

by Dan Lohrmann / December 28, 2014

credit: Katherine Lohrmann

As top security companies, magazines and bloggers came out with their predictions for 2015, one simple message emerged: more of the same – only worse. Since 2014 brought us twice the cyber danger of 2013, you may want to adjust your cyber safety belt.

Here’s my “Top 15 Guide,” for readers who want to see the prediction details as we head towards New Year’s Day. If you want to jump to conclusions, my cyber prediction summaries follow at the end.

1) Symantec: Symantec led with this infographic offering ten 2015 security predictions – with attacks on the Internet of Things (IoT) and smart home attacks as their #1 item.

2) Websense: After Websense analyzed the accuracy of their 2014 predictions, they led with healthcare data concerns on top of their Websense 2015 list.

3) McAfee: McAfee Labs offered these 2015 threat predictions with percentages in an infographic form. They lead with state-affiliated cyber espionage attacks increasing in frequency.

4) FireEye: FireEye predicts we will see more mobile and web-based viruses, along with ransomware and Point-of-sale (PoS) attacks. They also point to big incident response failures coming.

5) Trend Micro: Trend Micro offers an impressive (and free) 23-page PDF listing of eight 2015 security trends. Some are scary, such as: “Targeted attacks will become as prevalent as cybercrime.” Some are obvious: “New mobile payments will introduce new threats.”

6) Kaspersky: Kaspersky leads with how cyberattack tactics are changing with cybercriminals merging with APT groups.

7) Sophos: Sophos was the most optimistic, leading with: “Exploit mitigations reduce the number of useful vulnerabilities.”

8) We Live Security: Welivesecurity.com offered their list of trends and security predictions, which reads a lot like the other lists. They lead with APT targeted attacks growing.

9) Network World: Network World’s Jon Oltsik offers a very different list, which leads with the serious impact coming from the cyber skills shortage.

10) CIO Magazine: CIO Magazine offered these 5 information security trends that will dominate 2015.

11) GovCloud Network: Kevin Jackson, the CEO of the GovCloud Network, offered these interesting predictions on a wide range of items over at Dell.com. How about: Privacy will be more important than security?

12) Computer Science Corporation: Tom Patterson, the cybersecurity leader at Computer Science Corporation (CSC), offered ten trends that he called predictions at CSO Online. A helpful, somewhat different, list. I like #8 – “Transnational Crime Becomes More Concerning than Governments.”

13) Business Insider: Business Insider offers nine tech predictions worth considering for 2015 – and #4 states that the “cyberattack era is just starting.”

14) Forbes: Forbes writer Jim Blasingame usually writes about business - not tech. He reports, “The Sony hack and subsequent corporate cyber-terror threat by North Korea will for the first time in history manifest in cyber-security practices of corporate America being elevated to de facto national security concerns.”

15) Business Spectator: The Business Spectator in Australia offers these five interesting tech trends that affect security – especially identity management and biometrics.

(Some of the other notable predictions include write-ups from eWeek, Infosec Institute, Microsoft, Gartner, TheVarGuy, Forrester, IDC, Varonis and Threatstream. However, their cyber trends look very similar to most of the others mentioned for 2015 - announcing that mobile malware, IoT and more data breaches are coming.) John Fontana at Yubico.com boldly predicts a 10x increase in phishing attacks in the enterprise.

Security Prediction Accolades:

And the category winners are…

Most Surprisingly Upbeat: Sophos – Leading with: Exploit mitigations reduce the number of useful vulnerabilities.

Most Overlooked: Privacy and regulation trends – “The patchwork nature of regulation around the world is likely to become an increasing burden on organizations in 2015.” CIO Magazine

Most Popular: Plenty of Internet of Things (IoT) attack predictions – Symantec leads with this.

Runner-up for Most Popular: (Just about everyone) - More mobile malware, including a surge in ransomware. 

Most Long-term (lasting): The ‘cyberattack era’ is just starting. (Business Insider.)

New Job Function: Gartner - Emergence of Digital Risk Officer. It will be interesting to see how quickly this evolves from Chief Information Security Officers (CISOs).

Most Geopolitical: Forbes' Jim Blasingame – “Cyber-security practices of corporate America being elevated to de facto national security concerns.”

Most Likely: More major data breaches will hit the headlines. eWeek offered ten breach predictions.

Most Professionally Relevant for Cyber Pros: Network World – “Demand will exceed supply for cybersecurity professionals leading to salary inflation.  CISOs who can’t hire the right talent will have no choice but to look for help from MSSPs and security SaaS vendors.  As a result, 2015 will be another boom year for all types of security service providers on all types.” 

Needing Most New Office Attention: FireEye – “When something does go wrong and a cyberattack is successful, response plans are also expected to fail more often, with harsher consequences. FireEye believes that a lack of adequate response could result in a major brand going out of business in 2015.” 

Least Likely: Privacy will be more important than security. Kevin Jackson, the CEO of the GovCloud Network. I agree with him, but not in 2015 (or 2016).

Most Scary: Trend Micro, “Targeted attacks will become as prevalent as cybercrime.” Will the public become numb to 'smaller' cyber attacks?

Most Specifically Bold: Yubico.com, "10x increase in phishing attacks in the enterprise..." 

Most Creative: Are you ready for “malvertising?” McAfee Labs and Wired Magazine say that mobile malware will come from untrusted app stores and is the latest “sweet spot” for bad actors.

Most Hopeful: Symantec – Machine learning will be a game-changer in the fight against cybercrime in 2015. My view - This is certainly coming, but may not be a 'game-changer' so quickly.

What’s Missing?

Not much talk of the grid going down or a major life-changing breach. Also, minimal mention of robots, 3D-printers or other big tech trends for 2015. Or, how about hacking of drones? When will black-hat hackers tackle artificial intelligence, augmented reality, virtual worlds or biomedical advances?

How much worse will things get? Will the cyber metrics of danger double again? What big surprises are likely, or possible?

Yes, there are new online twists mentioned. Malware is changing. Mobile payments, the Cloud and IoT are evolving – with growing, modified cyberattacks coming. Many companies now offer impressive infographics of security trends. Wearables will be huge, so get ready for WYOD or BYOW security issues.

But this blogger gets the sense that cyber companies and experts are gathering personnel and supplies for a long journey that will last many years.

It may sound a bit too much like Star Wars, but could there be a cyber drone war coming, or other new technology turned against society, sometime in the next few years?

Predicting upcoming events has become almost as common as making New Year’s resolutions. Whether they help or hurt, or become self-fulfilling prophecies, is debatable.

On the positive side, perhaps we can look at this list and make personal and corporate resolutions to fix things. However, some experts insist that resolutions are bad for us and predictions are largely a waste of time – because we are bad at predicting the future.

Last year, I got most of my predictions correct on government technology. But like other cybersecurity leaders, I also missed a few. One important development that will get new attention in January: The US Congress passed new cyberdefense legislation – finally.

This year, I am simply focusing on other security prediction lists.

Examples Please

For those who want more practical examples of these cyber threats, here are two CNNMoney videos. The first shows how drones can be used to hack phone calls.

Here’s one example related to the Internet of Things (IoT). Smart home vulnerabilities, in devices like thermostats, are being exploited. Symantec and others say this will dramatically increase in 2015.

Final Thoughts

As we move into 2015, the lack of bold cyber predictions actually concerns me, since I know that many of these security company leaders, industry experts and bloggers believe that such events are coming. (For example, see this blog on Secretary Napolitano's remarks at the National Press Club in August, 2013.)

One thing became clear as I read predictions from around the world. Regardless of what security or technology company or blogger you follow, the technology experts agree that the bad guys are still ahead of the good guys - and getting better.

As Shawn Henry from CrowdStrike said a few years ago when he led the FBI cybercrime unit, most enterprises are outgunned in the hacker war. I think we are still outgunned in cyber.

We can expect more sophisticated data breaches, targeted cyberattacks and personal online surprises in 2015. And yet, we need to keep a positive view of security as an enabler of innovation, or we will lose enterprise support.

While we have a long road ahead to improve information security, there is also new hope for the future as we celebrate another New Year’s Eve. 

Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.