Websense Security Labs has outlined their 2015 top Cybersecurity predictions for global businesses.
# The healthcare sector will see an increase in data stealing attack campaigns. In an environment still transitioning millions of patient records from paper to digital form, many organizations are playing catch-up when it comes to the security challenge of protecting personal data.
# Attacks on the Internet of Things (IoT) will focus on businesses, not consumer products. As the IoT accelerates the connectivity of everyday items, proof-of-concept hacks against refrigerators, home thermostats and cars have been widely reported. The real threat from IoT will occur in a business environment over consumer. Every new internet-connected device in a business environment further increases a business attack surface. In 2015, manufacturing and industrial environments, in particular, are likely to see an increase in attack volume.
# Credit card thieves will morph into information dealers. As the retail sector escalates their security measures such as Chip and PIN technology are mandated, look for cybercriminals to accelerate the pace of their credit card data theft. In addition, these criminals will begin to seek a broader range of data about victims.
# Mobile threats will target credential information more than the data on the device. With the auto-login capability of mobile apps, mobile devices will increasingly be targeted for broader credential-stealing or authentication attacks to be used at a later date. These attacks will use the phone as an access point to the increasing Cloud-based enterprise applications and data resources that the devices can freely access.
# New vulnerabilities will emerge from decades-old source code. OpenSSL, Heartbleed and Shellshock all made headlines this year, but have existed within open source code for years, waiting to be exploited. The pace of software development demands that new applications are built on open source, or legacy proprietary source code. Next year, attackers will exploit divergent application software through vulnerabilities in the old source code that these applications share.
# Email threats will take on a new level of sophistication and evasiveness. Though the Web remains the largest channel for attacks against businesses, new sophisticated email evasion techniques will be introduced and designed to circumvent the latest enterprise-grade defenses. Email will become a more pervasive element of other stages of an attack, including the reconnaissance stage.
# As companies increase access to Cloud and social media tools, command and control instructions will increasingly be hosted on legitimate sites. Criminals will use social and collaborative tools to host their command and control infrastructure. Those charged with protecting business from attack will have a difficult time discerning malicious traffic from legitimate traffic when communications to Twitter and Google Docs are not only allowed, but also encouraged.
# There will be new players on the global cyber espionage / cyber war battlefield.