With 2015 just one day away, it's important to take a look at what types of cyberthreats and attack methods enterprises will be facing in the new year. This past year was one of the worst on record for cybersecurity, and many experts believe next year will be even worse.
"If you asked a person on the street what the top three or four biggest cybersecurity issues were this year, they'd name the same things people in the [security] industry who eat, sleep and breathe this stuff would say," said Hugh Thompson, chief security strategist for IT security firm Blue Coat, in an interview with NBC News. "I can tell you it's never been that way before."
Keep reading to see six of the top cybersecurity threats for 2015:
Social engineering and phishing schemes
In 2014, cybercriminals began to frequently utilize phony messages that look legitimate in order to trick victims into clicking on malicious links or attachments. As people continue to share increasing amounts of data about themselves online, these types of attacks will be more popular as it becomes easier to craft convincing emails with information readily available online. Advanced toolkits that help attackers craft realistic messages are also easier to find, allowing scammers to use a company's real logo or font in a phishing email to trick readers.
Cybersecurity expert Marc Rogers told NBC News that the best way to avoid falling for a phishing email is to never click on any links in messages, but that probably isn't realistic for most. For those who just have to click, Rogers suggests hovering a mouse over the hyperlink to see what website you'll be taken to before you click.
Ransomware has been around for a few years now and has become a go-to method for malicious actors looking to make a quick buck off of stolen data. The malicious software infects a device, locks up the files contained within and then demands payment from the victim in exchange for the stolen data.
Because this attack method has proven so successful in the past, security experts believe this will encourage cybercriminals to increase the use of ransomware in 2015. A growing number of ransomware attacks have been leveraged against mobile devices recently, suggesting the technique will start to target a broader range of endpoints. Backing up critical data is really the only way to ensure ransomware won't do away with privileged information, but that won't stop an organization from being infected with the software in the first place. Just as with phishing schemes, make sure to be selective of what links are clicked on and what attachments are opened incase they may be malicious.
Increased POS attacks
Everyone knows how devastating the massive retail breaches of 2014 were, with hundreds of millions of customer accounts being compromised due to malware-infected point-of-sale systems. Cybersecurity industry experts suggest that this type of attack will continue with increased fervor in the new year because many retailers still haven't upgraded their payment terminals to accept the new chip and pin cards. Until more secure credit card technology is implemented in stores across the country, cybercriminals will keep targeting POS systems because of the valuable financial information stored within.
As evidenced by the widespread damage caused by the hack against Sony Pictures Entertainment last month, cyber espionage can be devastating for companies that are unprepared. Other countries realize this and have started using cyber espionage more frequently as a tool to attack the U.S. and other enemies without human casualties.
"Experts have been calling it a 'cyber Cold War' for some time, and that's only ramping up quickly," said Chris Petersen, CTO and co-founder of LogRhythm. "Nation-states both weak and strong see cyberattacks as a weapon to counter the global influence of the U.S."
Attacks targeting healthcare
While many were focused on the breaches that occurred at retailers like Home Depot and Target or major intrusions at companies like Sony and JPMorgan Chase, some of the worst cyberattacks in 2014 happened to healthcare organizations. This trend is likely to continue in 2015 as electronic health records become more popular and an increasing amount of sensitive patient information is stored online.
Medical identity theft is one of the most dangerous forms of fraud out there, as the victim's health information can get mixed in with the thief's and major problems can occur for insurance benefits and patient care.
Zero-day vulnerabilities utilized more frequently
Major program flaws and exploits that were exposed this year, like Heartbleed and Shellshock, were able to be leveraged because much of the development of new software is built upon the foundation of open-source programming like Open SSL that was created before cybercriminals began looking into source code to create attack methods. As legacy software and programs continue to be utilized in the enterprise, cybercriminals will rely more heavily on zero-day flaws to cause damage and steal sensitive information because it is much more difficult to defend against than malicious software.
Protecting enterprise data in 2015
For organizations looking to start the new year off right with reliable network defenses, the best method to employ in order to ensure enterprise security is continuous network monitoring. By implementing a security information and event management solution, companies are able to keep track of activity on privileged systems around the clock.
With a Managed SIEM service, a third-party provider constantly monitors enterprise networks to protect against malicious activity and analyzes system behavior to identify any security instructions. Companies are provided with comprehensive feedback from that analysis in order to create a more comprehensive and effective defense strategy. The threat landscape is only going to become more dangerous for businesses in 2015, but a SIEM solution can help to prepare for what's ahead.