Embed Size (px)
Citation preview
Top 5 Internet Security Threats for 2015
More Insider Breaches
Source PwC
Top Offenders of Insider Crimes 201435% are current employees
30% were former employees
18% are current service providers/consultants/contractors
15% were current service providers/consultants/contractors
13% are suppliers and business partners
11% are customers Source: PwC
Social Engineering Attacks Will Increase
Social Engineer Hackers Also Use Open Source Intelligence
(OSINT) Tools Creepy is a creepy tool that targets victim geolocation information through social networking platforms and image hosting services.
Maltego is an intelligence and forensics app and is useful to map an organization’s employees and relationships.
FoxOne Scanner is a webserver reconnaissance scanner that is non-invasive and non-detectable.
Stalker reconstructs all captured traffic from both wired and wireless networks and builds a complete profile of the target.
Spiderfoot is a footprinting tools that targets a domain name, IP address [netblock], or hostname, using 40 OSINT data sources to provide data on the target.
These are just a fraction of the OSINT tools that can be used to gather information on a target
Healthcare data will become increasingly valuable to hackers
Personally Identifiable Information
[PII] will be hot mama in 2015
Data security has never been a top priority for many healthcare organizations, and IT budgets are low in comparison to other industries.
Healthcare records hold a mother lode of PII data that can be used for resale in the black market.
Healthcare records contain vital data on the identity of the individual and are often linked to financial information.
Healthcare workers often share passwords and workstations.
Websense observed a 600 percent increase in attacks on hospitals during a 10 month period [from October 2013-August 2014].
Cyber-criminals will increase cyber-attacks on hospital networks in 2015.
Source:s MIT Technology Review | Security Week
“Many of the stories regarding healthcare information security
breaches have been due to the negligence of
staff.” – Dell, SecureWorks
More Reputation Sabotage
Reputation will become the new target for cyber attacks in
2015Employee badmouthing has never been easier. A disgruntled employee can become your worst nightmare on social media or in the press.
Negative reviews can pop up on high traffic sites such as City search, Glassdoor, Google reviews, Ripoffreport.com and Yelp – to name a few.
Hacked emails and the high-jacking of corporate social media accounts will increase.
Commercial reputation is important in light of social media buzz. Brand maintenance will be integral in 2015.
Insider activists will continue to leak company information, and hacktivist collectives will gain more ground in 2015.
Companies should carefully monitor their online reputation and have a strategic plan in place that can
address reputation sabotage .
"More insiders will emerge as more people place their own ethics and perspectives above those of their employers. Criticism will go viral and those that come from credible insiders will spread faster."
--Information on Security Forum (ISF)
More Crime as a Service (CaaS)
Criminals value your information
CaaS attacks will become more innovative and sophisticated.
Unemployed and disgruntled employees will form a talent pool for criminal groups to gather information needed for these attacks.
Organizational profiles will include details about vulnerabilities or knowledge of business operations.
Criminals will get better at combining OSINT tools with information obtained from intrusion and data leaks.
New attacks, both physical and virtual, will target individuals based on their ability to provide access and information about their organization to the bad guys.
Cyber-criminals are highly motivate d to obtain company information, or to utilize data leaks.
Source: Information Security Forum: Threat Horizon 2015
“Most services offered in the underground are characterized by their ease of use and a strong customer orientation. They typically have a user-friendly administration console and dashboard for the control of profits.”
--Infosec Institute
What is your prediction for the top 2015 IT security threats currently
brewing?
