The threat landscape has become far more dangerous for companies over the past year. Hackers are getting both smarter and smoother at finding threats and exploiting them, while corporations are ever more reliant on increasingly complex computing systems.
This trend is set to continue next year, as hackers look for even more ways to make money. So what do the experts think we should be watching out for as the New Year rolls around?
1. Growing ambitions for ransomware
This year saw massive growth in ransomware, malware that locks up a victim’s computer or phone until they pay the hacker to release it. CryptoLocker, a prominent example, became so prevalent that international police shut down its distribution botnet earlier this year, but that does not mean the danger is over.
"Though Cryptolocker has been largely disabled, Cryptowall and other forms of PC ransomware are spreading by multiple vectors," said Andrew Conway, a researcher at security firm Cloudmark. He noted that a spread on mobile was a potential problem, while raising the possibility that entire corporate databases might also be encrypted for ransom.
2. More states build cyber-militaries
Computer spying has mostly been dominated by the superpowers of the 20th century, namely the US, UK, Russia and China. Yet as public awareness rises and technology costs fall the opportunity for smaller players to become involved in the business increases, with unfortunate implications for industry and governments.
"Small nation states and foreign terror groups will take to cyberspace to conduct warfare against their enemies," said Ryan Sherstobitoff, threat researcher at McAfee. "They will attack by launching crippling distributed denial of service attacks or using malware that wipes the master boot record to destroy their enemies’ networks."
3. Cloud risks abuse from hackers
Apple received heavy criticism earlier this year for its storage service iCloud’s role in the naked celebrity photo scandal, popularly known as The Fappening. According to Zimperium, a mobile security firm, attacks on cloud assets are likely to quadruple next year as adoption of off-site IT increases.
"The risk will widen to the enterprise, of course, due to cloud technologies becoming more widespread," the company said. However this does not mean on-premise is safe. As Bob Tarzey, director at research firm Quocirca said, some cloud services are far better protected than the systems of their customers.
4. Desktop malware to go mobile
We have already seen some devastating mobile threats this year, amid growing privacy concerns over the capabilities of smartphones. A report by Kaspersky Lab, a security company, showed that banking trojans for mobiles were of particular concern, especially as more people check their accounts through their phones.
"In 2015, attackers will find new ways to monetise mobile infections," said WatchGuard, another security vendor. Ransomware, mentioned above, is one such threat, but hackers will also look to steal intellectual property and customer data from phones, and workers may put their firms at risk just by leaving the devices on the Tube.
5. Wearables extend BYOD threat
Tech is abuzz with excitement about wearables, which will soon mean that workers are bringing in all manner of connected devices to their workplace. "Over two-thirds (69%) of enterprise IT leaders say staff bring wearables to work and 91% claim these numbers will increase over the coming year," said Raimund Genes, CTO at security firm Trend Micro.
Unsurprisingly, the cybersecurity industry is less than thrilled that the number of endpoints they must secure is about to rise uncontrollably. "We think there is no silver bullet to the problem," Genes said. "Organisations need to find out how much data wearables are collecting and work out what is an acceptable level of risk bearing in mind any industry regulations."
6. Rising zero day bugs
This year saw the emergence of Heartbleed and Shellshock, two zero day bugs that had been lurking in code for years unseen, and prompted a panic after they were publicly disclosed. As technology increases in complexity it is only likely that we will see more overlooked flaws, according to the security firm McAfee.
"We saw a decline in the number of vulnerabilities from 2006-2011, but that’s no longer the case," said Igor Muttik and François Paget, security researchers at the company. They added that the recent rise reflects improved exploit techniques, including the spoofing of software stacks and a deeper view into 64-bit systems.