The year 2014 is about to end and it is important to check what happened in the latest months regarding cybersecurity to understand what we can expect for the forthcoming year. Even though 2013 was called the year of the mega-data leaks, what happened in 2014 was not far behind. Vulnerabilities like Heartbleed and Shellshock, incidents in which private information was exposed or attacks targeted to specific industries and/or users in Latin America and all around the world, reminded us that nobody can rest on its laurels.
For 2015 we forecast that several tendencies from previous years will continued to be valid and will do more complex the fight among those that want to create new threats and to take advantage of vulnerabilities and those wanting to protect their information, for which it will be important to think in a unified and integral security.
For example, in the case of mobility, it will continue rising and cybercriminals will focus increasingly towards that scenario, while users will continue sacrificing their privacy because of the need for being fashionable and for social belonging.
These are the top 5 Symantec predictions regarding cybersecurity in Latin America, which may have impact on final consumers, enterprises and regional governments:
- Mobile users will risk their privacy. Fashion and the need for social belonging are often sufficient reason to sacrifice privacy in exchange for mobile applications. Although many users are still reluctant to share online personal banking and identification information, others are determined to share information about their location and the battery of their mobile device, and to allow access to their pictures, address book and health information, all in exchange for obtaining and using more and more mobile applications. In addition, many consumers do not really know what access permissions they grant when downloading applications. For example, millennials may think they know the permissions they are granting, but when they are ask for details, they have a slight idea concerning commercial information that such applications use.
- Security will go beyond passwords. With the password system under constant attacks, security specialists face greater challenges in how to balance the need of convenience versus complexity, while providing users an experience without interruption. In this scenario, the adoption of multi-factor authentication techniques such as single-use passwords or iris scans and fingerprints can provide alternative security methods. However, these can sometimes not be the most effective options. One option for protecting valuable information lies in the behavior of users, which is ultimately the way we can prevent our online assets and personal identities to be compromised, and that is where we must work and focus on educating and sharing better practices.
- The distributed denial of service (DDoS) will increase. In 2014 there were an increase number of Unix servers compromised due to attacks and that made clear the possibility that their high bandwidth can be used in DDoS attacks. The motivation of the attacker may vary: hacktivism, money and disputes are the main reasons. Given the ease of conducting large DDoS attacks using this channel, Symantec expects that DDoS attacks will continue growing in the next months and that the probability of becoming a target of a small but intensive attack will remain latent. Moreover, surely during 2015 we will continue seeing targeted attacks as the ones identified in 2014, because cybercriminals are increasingly patient and specific.
- Knowledge and Big Data will help countering cybercrime. A new generation of business platforms is emerging from the convergence of automatic learning and Big Data and this will generate a change in cybersecurity. Automatic learning refers to a form of deep learning that can be considered as the first step in artificial intelligence. 2015 will be critical to continue being ‘proactive’ against threats, rather than reacting to them; automatic learning help security specialists throughout the region to stay one step ahead of cybercriminals. The ability of automatic learning and the cyberintelligence to predict cyberattacks will improve detection rates and may be the key to reverse the current trend in cybercrime growth.
- There will be more alliances and partnerships in the industry. The fight against cybercrime cannot be won isolated and security industry, along with telecommunications providers and governments around the world, including those in Latin America, are joining forces to win the war against cybercrime. The security industry is one of the few in the world that has a 'nemesis industry' constantly working against it to lessen it. That's why it is required a different approach to succeed, for example this year we have seen various actions of cooperation between public and private sectors in several countries of the region. This is especially important in countries like Brazil, Colombia and Mexico where the broadband has grown significantly and every day there are more users of Internet for diverse procedures, transactions and communications.
In this sense, in the following months attackers will continue seeking new vulnerabilities so they can "hack the planet", so open source platforms will continue countering these vulnerabilities through enhanced coordination, collaboration and industry response. We see this as a positive sign and Symantec believes that open source platforms can only get better in the future.
The need to protect information is increasingly important, so it is always necessary to reflect on it in order to become aware of the possible risks that we will be facing next year and to get ahead of cybercriminals on all fronts, users, companies, governments.