2015 will bring new cyberattack trends, including data destruction and more capable hacktivists.
Editor's Note: This article is the second in a series on cybersecurity trends. Read part one: 2014: The Year of the Breach?
Here is a look at some possible threats for the year ahead.
Attacker behaviors that we’re not accustomed to are mass data destruction, as well as hacktivists having sophisticated capabilities that pose more than a trivial threat to organizations. In recent cases, data on hard drives has been overwritten, and user’s machines have been prevented from booting. If data destruction becomes a trend, this heightens the need for improved methods of detection and protection. In addition, this could drastically change the way we respond to attacks.
In 2015 we are going to see a rise in products focused on analysis of user behavior — both as an ongoing way of verifying the user’s identity as part of the authentication process, and also as a way of anomaly detection by running activities through various data models to determine the level of risk associated with a particular activity. There is clearly a security visibility gap today that behavioral analysis can fill — the ability to detect bad actors who are already inside your network, moving laterally to complete their mission.
We know that attackers quickly abandon the use of malware, and use legitimate credentials during their mission. Two-factor authentication is an excellent way to protect against this; however, it doesn’t provide any form of detection or protection when an attacker attempts to authenticate. This will change in 2015 as organizations start to realize the value of adaptive authentication provided by the next generation of strong authentication solutions. Using this in conjunction with two-factor authentication adds an additional level of risk analysis to the authentication process, all while leveraging an organization's existing VPN or identity store investment.
Keith Graham is the Chief Technology Officer for SecureAuth.