Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
Editor's Blog and Industry Comments

IT security industry predictions for 2014

12 December, 2013
Providers of IT security protection technology are predicting a year when cyber criminals will consolidate their skills and deepen their murky campaigns

By Jonathan Newell

'Tis the season not so much to be jolly as to wax lyrical about the doom and gloom that everyone is destined to face in the coming year whether you're a lone surfer, a mighty corporation or even a user of embedded computing devices. There's little in the way of good news in terms of what the world will suffer from cyber criminals in 2014 according to the predictions of the expert community of IT security industry suppliers.

Keep up to date or suffer the consequences

An element of the "it's your own fault" mentality will continue to annoy users who will be expected to be even more vigilant during the coming year as hackers and malware writers become more agile and exploit vulnerabilities rapidly as soon as they're discovered. Nobody loves a mechanic who sucks in a gasp of air through clenched teeth and follows it with a sad shake of the head whilst declaring "You let the oil run low, it's gonna cost you mate!". Such will be the feeling for those who don't patch their operating system, don't install the latest Java updates and don't back up their data.

You might think that's nothing new but a significant change will occur in 2014... Windows XP will be end of life in April. The continued love affair that many have for this out-of-date operating system feeds right into the hands of hackers, according to Ken Westin, security researcher at TripWire. With no support for XP, hackers will reverse engineer every Windows OS patch update that's released to see if the same vulnerabilities that they're fixing also exist on XP. If they do, they'll exploit them and attack the remaining die-hard XP users.

Locksmiths and key-holders

In the wake of the NSA scandal this year, concerns about data privacy are predicted to skyrocket during 2014 and cloud service providers are moving to protect themselves from end-user criticism for not securing their data adequately. According to Larry Warnock, the President and CEO of Gazzang, the trend is to start offering encryption keys that are revocable by the end user. Currently, cloud services design their systems for recoverability rather than security by holding both the lock and the key. By passing the keys over to the user, they can't be accused of passing access to third parties..... but recoverability suffers as a result.

An example used by Larry Warnock is Bitcoin which he believes will become the subject of stricter regulations. The "keyholder" dilemma is most glaringly evident here since storing them locally carries the risk of hard drive failure and data loss whilst entrusting them to the cloud carries the risk of hacking and Bitcoin disappearance.

The cloud encryption dilemma is likely to become much higher profile in light of the prediction by Calum MacLeod of Lieberman Software that corporations will move more towards cloud-based computing services, displacing the traditional role of the CIO and IT department. Calum predicts that the movement of security assets into the cloud will be driven largely by cost, more complex regulatory demands on companies and a lack of skills to manage IT security locally, particularly in smaller companies.

BYOD and Network Threats

There's nothing new in the notion that network edges are becoming more fuzzy and therefore the use of mobile devices and cloud services are putting pressure on the ability of IT departments to keep threats from coming onto the network. 2014 is seen as being a crucial year in the development of advanced threat protection, the inevitability of adopting Bring-Your-Own-Device (BYOD) policies to remain competitive and the paramount necessity to protect the network from associated threats.

According to Ashish Patel of Stonesoft, such increased complexity requires a shift in emphasis away from product solutions to security connected platforms which will enable faster and more appropriate reactions to new threats. The Next Generation Firewall has already been around for some time so the world is now ready for the Next-Next Generation Firewall, something which Ashish refers to as the Advanced Next Generation Firewall which is characterised by unprecendented levels of agility and flexibility to be able to react to changes in the cyber environment.

The mobile devices attached to the network are a threat which will reach new levels of sophistication, according to Tripwire's Craig Young. He believes that it isn't only the data they contain which is the target but also the systems that they access. The vigilence of users in selecting the apps which they install will need to be taken a step higher. Craig's colleague, Ken Westin, also states that user authentication will also increase in importance for BYOD users with an increase in the uptake of Two-Factor Authentication (2FA) and a boom in the use of biometric technologies.

Threats to embedded technology and black box networks

Industrial computing protection has seen a big, belated boom in 2013 and the users of industrial systems, black boxes and embedded computing are now well aware of the risk they face from advanced cyber threats that target the "internet of things". Tripwire's Tim Erlin describes this as representing "a growing target surface for compromise in 2014".

The threat ranges from consumer systems to entire infrastructure grids and the response from the user base has been mixed. Tim explains that firmware updates to provide continued protection on consumer systems are unlikely to emerge particularly quickly and when they do, consumers are unlikely to respond quickly in applying the updates.

For more complex systems, industrial users are more aware and more keen to apply protective controls but the supplier base needs to step up the pace to provide the protective technology which is necessary. According to Larry Warnock of Gazzang, over a dozen US utility companies have reported frequent intrusion attempts on their systems during 2013, the success of which could bring down power grids and cause further failures in infrastructure due to power failures.

Larry went on to say that the rapid development of connected vehicle technology and smart transport infrastructure system places the road network and the vehicles that use it at risk as well.

Jonathan Newell is a broadcast and technical journalist specialising in security systems and transport safety. He contributes to a range of titles in the technical press. He shares his time between the UK and Kazakhstan

Bookmark and Share