DOROS HADJIZENONOS, Country Manager of Check Point South Africa, gives his security predictions for the coming year.
A year in cybersecurity can seem like an eternity. But despite the rapid changes, many things remain constant. Check Point’s top three predicted security threats for 2015 were the rapid growth in unknown malware, in mobile threats, and in critical vulnerabilities in commonly used platforms (Android, iOS and others). These were fully realised, and are likely to remain a significant threat. The cat-and-mouse game that has typified cybersecurity in recent years continues, with hackers constantly finding new ways in which to attack networks – as this year’s high-profile breaches at Anthem, Experian, Carphone Warehouse, Ashley Madison and TalkTalk showed.
Like most IT security professionals, I really want my predictions not to come true: I would prefer organisations didn’t get hacked or breached. But by anticipating the next wave of threats, we hope to help businesses stay on top of the evolving tactics and exploits that criminals will use to target them. So here are ten IT security threats and trends that I expect we will see during 2016.
‘Sniper’ and ‘shotgun’ malware
We believe that larger breaches in 2016 will be the result of custom-designed malware designed to get past the defences of specific organisations, such as the attack on US retailer Target. While generic, broad-brush attacks will continue to threaten individual users and small enterprises, hackers will raise their game when attacking larger organisations with more sophisticated security postures. They will use deeper, more sophisticated phishing and other social engineering tricks to gain access to the data that they want.
Moving to mobile
Mobile attacks continue to increase as mobile devices become more commonplace in the workplace, offering hackers direct and potentially lucrative access to personal and corporate data. Our 2015 Security Report found that 42% of organisations had suffered mobile security incidents which cost more than $250,000 to remediate, and 82% expected incidents to rise. This year has also seen several high-profile mobile vulnerabilities emerge, including Certifigate on hundreds of millions of Android devices and XcodeGhost, the first major malware infection targeting non-jailbroken iOS devices. We expect to find more major mobile vulnerabilities in the next year.
In the ongoing battle between hackers and security professionals, attackers are increasingly deploying more sophisticated, custom variants of existing malware and zero-days that can bypass traditional sandboxing technology. These new attack vectors require more proactive and advanced solutions that catch evasive malware. CPU-level sandboxing is able to identify the most dangerous threats in their infancy before they can evade detection and infect networks.
Attacks on critical infrastructure
In December 2014, a steel mill in Germany was hit by hackers who accessed the plant’s production network and caused ‘massive’ damage. Also, the US Department of Homeland Security that ‘Havex’ Trojan infections had compromised industrial control systems in over 1,000 energy companies across Europe and North America. Attacks on public utilities and key industrial processes will continue, using malware to target the SCADA systems that control those processes. And as control systems become increasingly connected, this will extend the potential attack surface – which will require better protection.
IoT and smart devices
The Internet of Things is still emerging and is unlikely to make a big impact in 2016. Nevertheless organisations need to think about how they can protect smart devices and prepare themselves for wider adoption of the IoT. The key questions users need to ask is ‘where is my data going?’ and ‘what would happen if someone gets hold of this data?’ A year ago, we discovered a flaw in SOHO routers worldwide that could allow hackers to hijack the router to launch attacks on any devices connected to it – and we will see more of these vulnerabilities in connected devices.
You wear it well
Wearables like smartwatches are making their way into the enterprise, bringing with them new security risks and challenges. There are a number of security concerns about data that is held on smartwatches, or that wearables could even be used by hackers to capture video and audio via mobile remote access Trojans, so organisations that permit these devices need to ensure that they are protected with encryption and strong passwords.
Trains, planes and automobiles
2015 saw the emergence of car hacking, in which the vehicle’s software is hijacked to take control of it. In July, Fiat Chrysler recalled 1.4 million Jeep Cherokee vehicles in the US after security researchers found that they could be hacked via the connected entertainment system. With modern cars featuring more gadgetry and connected systems than ever before, we need to apply protection to these in-car systems – and the same applies to the complex systems in passenger aeroplanes, trains and other forms of public transport.
Real security for virtual environments
Virtualisation has been adopted rapidly in the enterprise over recent years, whether it’s through SDN, NFV or cloud computing. Virtualised environments are complex and create new network layers, and it’s only now that we are seeing a real understanding of how to secure these environments. As organisations move to virtualised environments, security needs to be designed in from the outset to deliver effective protection.
New environments, new threats
2015 has seen the launch of a number of new operating systems, such as Windows 10 and iOS 9. The bulk of enterprise attacks in recent years have been on Windows 7, since adoption of Windows 8 was relatively low, but with Windows 10 experiencing a high uptake driven by the free download available, cyber-criminals will turn their attention to trying to exploit these new operating systems where updates are more frequent and users are less familiar with the environment.
Security consolidation – keep it simple!
To protect against multifaceted threats, security professionals are likely to increase their reliance on centralised security management solutions. With large enterprises having a plethora of different security products on their network, consolidation offers a way of reducing both complexity and cost. Having many point products and solutions quickly becomes unmanageable and can actually impede, rather than improve security, so consolidating security provides an effective way to cut complexity and make for easier management, so that new threats don’t get lost in the gaps between systems.
Second-hand smartphone market booms
The worldwide market for used smartphones is forecast to grow to 332.9 million units, with a market value of $67 billion, in 2023, according to IDC
International Data Corporation (IDC) expects worldwide shipments of used smartphones, inclusive of both officially refurbished and used smartphones, to reach a total of 206.7 million units in 2019. This represents an increase of 17.6% over the 175.8 million units shipped in 2018. A new IDC forecast projects used smartphone shipments will reach 332.9 million units in 2023 with a compound annual growth rate (CAGR) of 13.6% from 2018 to 2023.
This growth can be attributed to an uptick in demand for used smartphones that offer considerable savings compared with new models. Moreover, OEMs have struggled to produce new models that strike a balance between desirable new features and a price that is seen as reasonable. Looking ahead, IDC expects the deployment of 5G networks and smartphones to impact the used market as smartphone owners begin to trade in their 4G smartphones for the promise of high-performing 5G devices.
Anthony Scarsella, research manager with IDC’s Worldwide Quarterly Mobile Phone Tracker, says: “In contrast to the recent declines in the new smartphone market, as well as the forecast for minimal growth in new shipments over the next few years, the used market for smartphones shows no signs of slowing down across all parts of the globe. Refurbished and used devices continue to provide cost-effective alternatives to both consumers and businesses that are looking to save money when purchasing a smartphone. Moreover, the ability for vendors to push more affordable refurbished devices in markets in which they normally would not have a presence is helping these players grow their brand as well as their ecosystem of apps, services, and accessories.”
Worldwide Used Smartphone Shipments (shipments in millions of units)
|Rest of World||136.8||77.8%||245.7||73.8%||12.4%|
Source: IDC, Worldwide Used Smartphone Forecast, 2019–2023, Dec 2019.
Table Notes: Data is subject to change.
* Forecast projections.
Says Will Stofega, program director, Mobile Phones: “Although drivers such as regulatory compliance and environmental initiatives are still positively impacting the growth in the used market, the importance of cost-saving for new devices will continue to drive growth. Overall, we feel that the ability to use a previously owned device to fund the purchase of either a new or used device will play the most crucial role in the growth of the refurbished phone market. Trade-in combined with the increase in financing plans (EIP) will ultimately be the two main drivers of the refurbished phone market moving forward.”
According to IDC’s taxonomy, a refurbished smartphone is a device that has been used and disposed of at a collection point by its owner. Once the device has been examined and classified as suitable for refurbishment, it is sent off to a facility for reconditioning and is eventually sold via a secondary market channel. A refurbished smartphone is not a “hand me down” or gained as the result of a person-to-person sale or trade.
The IDC report, Worldwide Used Smartphone Forecast, 2019–2023 (Doc #US45726219), provides an overview and five-year forecast of the worldwide refurbished phone market and its expansion and growth by 2023. This study also provides a look at key players and the impact they will have on vendors, carriers, and consumers.
Customers and ‘super apps’ will shape travel in 2020s
Customers will take far more control of their travel experience in the 2020s, according to a 2020 Trends report released this week by Travelport, a leading technology company serving the global travel industry.
Through independent research with thousands of global travellers – including 500 in South Africa – hundreds of travel professionals and interviews with leaders of some of the world’s biggest travel brands, Travelport uncovered the major forces that will become the technology enablers of travel over the next decade. These include:
Customers in control
Several trends highlight the finding that customers are moving towards self-service options, with 61% of the travellers surveyed in South Africa preferring to hear about travel disruption via digital communications, such as push notifications on an app, mobile chatbots, or instant messaging apps, rather than speaking with a person on the phone. This is especially important when it comes to young travellers under 25, seen as the future business traveler, and managing their high expectations through technology.
With the threat of super app domination, online travel agencies must disrupt or risk being disrupted. Contextual messaging across the journey will help. Super app tech giants like WeChat give their users a one-stop shop to communicate, shop online, book travel, bank, find a date, get food delivery, and pay for anything within a single, unified smartphone app. Travel brands that want to deliver holistic mobile customer experiences need to think about how they engage travellers within these super apps as well as in their own mobile channels.
In the next year, research shows, we will see an accelerated rate of change in the way travel is retailed and purchased online. This includes wider and more complex multi-content reach, more enriched and comparable offerings, more focus on relevance than magnitude, and an increase in automation that enables customer self-service.
“How customers engage with their travel experience – for instance by interacting with digital ‘bots’ and expecting offers better personalised to their needs – is changing rapidly,” says Adrian Roodt, country manager for Southern Africa at Travelport. “We in the travel industry need to understand and keep pace with these forces to make sure we’re continuing to make the experience of buying and managing travel continually better, for everyone.”
Read the full 2020 Trends report here: 2020 Trends hub.