Network security vendor Stonesoft predicts that the top infosec threats to watch out for in 2013 will include unseen and unknown targeted cyber-attacks, espionage and hacktivism. Jarno Limnell, director of cyber-security at Stonesoft, reckons that in 2013 the security of the digital world will become an even more pressing issue, and this will lead to increasing pressure to consider international norms, rules and regulations. "As nation-states continue to invest heavily in cyber capabilities (defence and offence), it is also likely that they will be more inclined to use these capabilities and the use of cyber force in the world will increase" Limnell says "this may have severe consequences – in particular with regard to unpredictable side-effects. A single attack can spread rapidly around the world, even by a mistake. There is a myriad of players who are investing immense resources to change the cyber reality".
The top six security trends to watch for in 2013 according to Stonesoft are:
- The world will experience more targeted cyber-attacks. The development of highly sophisticated malware by state-sponsored organisations has the potential to radically affect the speed at which the wider threat landscape evolves. Cyber threats will become more unpredictable than ever before.
- Espionage by nation-states will continue to rise. In 2012 we saw botnets and malware silently send the whole contents of the user’s hard drive to a control machine. This will continue to be a problem in 2013. The protection of critical national infrastructure will continue to be an extremely important aspect of cyber security.
- Hacktivism will grow and become increasingly relevant and dreaded – in particular, it will become more aggressive and its means and impact will become more powerful. At the same time, the role of non-nation players will become more important, in particular with respect to expertise, not just resources.
- We will see even more advanced evasions techniques (AETs) being used against organisations and governments. As security technologies and the overall capability to catch cyber criminals and hackers improve, they will invest their “R&D” resources in developing increasingly sophisticated and stealthy attack delivery technologies to improve their ROI. The most worrying part of this is that current security technologies are not capable of stopping AETs and the targets will remain unaware that they have been attacked.
- In 2012 we heard about a lot of vulnerabilities in closed source enterprise applications such as Oracle, SAP and SCADA. These applications contain business critical data and are highly valuable targets for intruders. This will continue to be a problem in 2013.
- Android will continue to be targeted by hackers. The platform provides an attractive environment for malware and hackers will take advantage of this.