15 December 2014

Is 2015 the year cyber security shows its human side?

Ben Rossi
10 December 2014


'No hardware or software defence can stop a determined human'

With growing tensions between the West and both Russia and China, 2015 will undoubtedly see more skirmishes in the global cyber war.

Targeted attacks should and will remain a top concern for businesses and nations alike, with NATO recently conducting digital war games and 65% of IT professionals citing them as a priority.

With countries rapidly waking up to the need to defend their cyber interests, we may well see new players enter the stage next year. The current controversy between North Korea and Sony Pictures shows that any state can become a significant threat in cyber space when it dedicates its best and brightest people to the cause – even if its technology is limited.


2015 will also be the year we realise APTs are being used as a marketing tool. Many security companies claim to solve the threat of targeted attacks, but the reality is that a persistent, resourceful attacker who efficiently surveils an organisation will always find a way in.

No hardware or software defence can stop a determined human. In most cases, victims won’t even know they’ve been breached until the attacker shows their hand.

Cybercrime will evolve

During 2015, organisations will realise just how ineffective traditional anti-virus tools are. New types of elite malware and zero-day attacks that cannot be stopped by technology-led security will become increasingly common – such as obfuscation tools, or ‘crypters’, which enable malware writers to bypass signature-based detection. Ultimately, if an attacker wants to compromise your machine, they can.

Meanwhile, criminals will continue to have little difficulty in recruiting talented individuals to their cause. The bad guys often have the smartest and most determined people, and they are well motivated to hone their skills given the potential profits from cybercrime.

The potential attack surface for cyber criminals will also increase exponentially next year. We’ve already seen the number of attack avenues multiply rapidly as organisations adapted to trends like remote access, BYOD and cloud – but wearable technology and the Internet of Things will shift this into overdrive.

Today, 25% of companies are rolling out wearable tech in the workplace but 85% also see it as a security risk. In the coming year, organisations must ask how they can ensure watertight data protection when employees can take photos at the flick of a wrist, record conversations instantly or capture data via Bluetooth.

The march of technology is inevitable and we can’t put our heads in the sand. With BYOD, we’ve already seen that bans proved ineffective and employees brought devices in anyway.

Attempting to stop this behaviour actually made the situation worse – employees would just bring devices in under the radar and outside of any security policy, creating unmanaged risk.

The risk posed by wearable tech is not yet clear. It may offer another avenue of attack, but in many cases this will depend on the specific device as much as the person using it.

In 2015, organisations will finally realise this is not a “fixable” problem. Instead, they’ll move to a risk-based approach to security: assessing the capabilities of new devices individually and then mitigating any danger to an acceptable level.

Informed security

Organisations will not sit quietly by in the face of these security challenges. In 2015, intelligence-driven security will become a mainstream reality.

Businesses will move away from focusing on technology-driven solutions and start to counter threats proactively by applying the right people and processes to focus time and expertise where it’s needed most.


Organisations will move towards more active defences that assess vulnerabilities inside and the threats outside to inform security strategies – enabling organisations to identify and mitigate breaches more quickly. 

Human expertise, cloud connectivity and big data analytics will come together to deliver truly contextual security, analysing vast volumes of data to extract vital security intelligence in real-time and isolating the 1% of threats businesses need to worry about.

Human capital

Finally, 2015 will be dominated by a war for talent. The need to apply human expertise to the security equation will become obvious to both attackers and defenders. Access to the best and brightest people will be a critical factor in determining who stays ahead in the cyber arms race. It only remains to be seen which side will prove more attractive.

Either way, the number of attacks will increase exponentially. With breaches doubling every year, 2014’s trickle of lost jobs and damaged reputations from compromises will become a flood.

Ultimately, 2015 will be the year when security stopped being a problem for some people and became a problem for everyone.
