CybersecurityBusinesses brace for more, and more sophisticated, cyberattacks in 2015

The recent Sony Pictures hack is one more reason for industries to prepare for a series of cyberattacks which will likely occur in 2015. From massive data leaks to distributed denial-of-service (DDoS) attacks, hackers will continue to find vulnerabilities within targeted network systems. Cybersecurity firms, including Symantec Malaysia, are recommending more ways to help clients defend themselves from such attacks.

“In 2015, attackers will continue to look for new vulnerabilities so that they can ‘hack the planet’,” says Nigel Tan, Symantec Malaysia’s director of systems engineering.

The Star reports that as e-commerce and Internet banking gains more popularity, cybercriminals will exploit multiple vulnerabilities, keeping in mind that new e-commerce platforms are not as likely to invest in cybersecurity measures as their more seasoned counterparts. “Cyber criminals don’t discriminate when it comes to vulnerabilities. They go across the board but as they are opportunists, they will go where it is easy and has the biggest reward,” said Tan.

Even firms with the most sophisticated security systems can fall victim to cyberattacks. Such was the case with JPMorgan Chase & Co., when hackers breached the bank’s digital infrastructure, compromising the accounts of at least seventy million households and seven million small businesses. Recently, people with knowledge of the review of the attack said the breach, which occurred after cybercriminals stole a bank employee’s login credentials, might have been prevented had JPMorgan ensured all of its servers were installed with a two-layered security system (two-factor authentication), like most banks rely on.

“It is disappointing, really, for a bank to be spending around $250 million a year on computer security to guard against deadly attacks, only to be intruded in the wake of a lapse in concentration,” wrote Bidness News.

The growing popularity of mobile devices for the workplace also brings about new vulnerabilities that cybercriminals will exploit. Cybersecurity firms are advising companies to remind employees to frequently update passwords used for mobile enterprise applications. “Many companies still do not have their privacy policies in place – to say what can be stored and what cannot be stored, and how to use the application,” Tan said, adding that “for example, if you want to use the file-sharing application that syncs all your devices, you would need to dictate what can and cannot be up there – maybe intellectual property or personal data of your staff with sensitive information cannot be put up there.”

As mobile devices become increasingly connected to home security systems and even vehicles, cybercriminals will begin to target mobile applications. Mobile users must regularly educate themselves when giving up privacy in exchange for these applications. “While many Internet users are reluctant to share banking and personal identifiable information online, they are willing to share information about their location, access to photos, contact lists and fitness information for free mobile apps,” Tan said.

Should an organization be attacked by cybercriminals, firms must inform the public when such a breach has the potential to affect customer information. Doing so will empower the public to take steps to protect themselves by changing passwords and making regular updates to secure their personal data.