Security has always been a concern for businesses, small and big alike. Last year security became front page news, leading some to call 2014 the “year of the breach.” We saw apps breached for user information, such as Secret; corporations breached over movies, such as Sony; services breached for photos, such as Snapchat and Apple’s iCloud; vulnerabilities exploited and patched, such as Heartbleed; and – even after two years – details still being revealed about the reach of the National Security Agency.
One can not help but to stop and ponder “What might be in store for 2015?” We have come up with a list of five things to keep an eye on in the coming year.
1. Data Breaches
We predict that data breaches will increase in the coming months. Over the last few years breaches have been on the rise. More breaches are happening to public companies that have to disclose them to their shareholders. We believe the increase in reports has not just been from more frequent disclosures, but from an actual increase in the number of breaches. The Sony breach was one of the largest in 2014, highlighting the importance of security in today’s internet-connected world.
2. Debit/Credit Card Statements
An alarming number of breaches collect more than just usernames and passwords. Criminals also have monetary motives, such as credit and debit card information. After a breach exposes these details to the criminals, or whomever they sell them to, the best person watching financial statements for unusual transactions is oneself. We do not recommend depending on your bank or the business that was breached to offer any form of monitoring. Whilst this has been offered in some cases, it is not the norm. This has become such an issue that federal legislation is in the pipeline to address these types of breaches.
3. Advanced Forms of Malware
Malicious software was present in almost all instances when a data breach was detected. BlackPOS malware was found on Point-of-Sale systems in the Target breach, which was able to gather 40 million card numbers. Home Depot also had upwards of 56 million card details skimmed by malicious software. The Secret Service claims that over 1000 U.S. businesses unknowingly have the Backoff malware installed, and this number is always rising.
Some forms of malware seemed even more sinister. Cryptolocker and its many variants encrypted a user’s files in the background, then presented a message to the user prompting them for an anonymous form of payment to decrypt the files. Mobile Malware will also be a growing concern for 2015 and beyond as more people pay for items, shop, and rely on these mobile platforms for daily data-sensitive tasks.
4. Password Protection
This should really go without saying, but protecting your accounts with good passwords is crucial. Protecting one’s account with two-factor authentication, where available, helps tremendously to reduce the risk of someone else logging in to your account. If an online service does not offer two-factor authentication, it is our responsibility as consumers to push those services to adopt it. There are also lesser-known alternatives to passwords such as SQRL or tokens, but their adoption rate is even lower than two-factor authentication.
5. Social Media Scams
More people are joining social media each year, and so are people with bad intentions. There has been an increase in false information on security settings for certain social media platforms, such as Facebook, leaving users more susceptible to different social engineering and phishing attacks. We saw more apps take advantage of Facebook Single Sign-On to mine user data, post without user permission, and spread around the platform like a worm. Other scams consisted of messages sent across the platform with phishing links which prompted users to re-authenticate their Facebook login, but in reality it would be a man-in-the-middle attack gathering usernames and passwords of unsuspecting users.
We saw many different vulnerabilities and exploits from Shellshock to Heartbleed. A rise in known exploits makes keeping a system up-to-date critically important, and this is a trend which will continue year after year. Security has been more important with each passing year, and will continue to become more important in the future.
For more information on any of these topics you can follow us on your favorite social media site and also contact us there. We are on Facebook (everyone’s favorite) and Twitter.
If you want to contact us by a more traditional method, you can always send us an email at firstname.lastname@example.org or give us a call at +1 (877) 896-3681. We will be happy to answer any questions you might have!