A constant battle of cat and mouse between vendors, their customers and the attackers, the sheer rate of change in the security industry means that predicting the future is difficult.
On the other hand, it is possible to make a few informed predictions about how the industry will shift over the next couple of years.
Industry analyst firm IDC predicts that 87 percent of connected device sales in 2017 will be tablets and smartphones.
So far, we’ve been relatively unscathed from device malware, with the biggest risk being from malware-laden apps, usually targeting Android OS.
With the rapid proliferation of smartphones, however, it is inevitable that we will start to see increasingly advanced malware targeting Android, iOS and Windows users.
We’re also likely to see malware specifically targeted at mobile via email and web browsing – this old tactic will circumvent the security checks that are applied to apps in vendor stores.
Beyond the problem of smartphones and tablets, the rise of the Internet of Things and wearable devices is likely to present another problem for the security industry.
Gartner recently forecast that connected devices (not including PCs, tablets and smartphones), will grow from 0.9 billion in 2009 to 26 billion units in 2020.
This phenomenal rise of connected technologies will undoubtedly be a clear target for cybercriminals looking to capitalise on their newfound access to consumers, businesses and governments.
As cybercriminals focus their efforts on these consumer products, we will also see a move towards attacks on consumer-grade cloud services.
As cloud use grows, we’re likely to hear about more holes that have already been manipulated in cloud services, similar to those reported recently in consumer tools such as Dropbox and LastPass.
At least one of these attacks will eventually be exposed as state-sponsored and this will have a real impact on that particular vendor and competing services.
The issue of state-sponsored cyber attacks will become a growing concern as nations continue to wage cyber warfare in a bid to disrupt competing states and gain a competitive advantage.
As well as potential attacks on consumer-grade cloud providers, this trend could also point towards a direct attack on a major security vendor.
When you consider the huge amount of investment involved in cyber warfare, it is highly likely that at least one major vendor and a key internet-enabled technology will be exposed as having an open backdoor, vulnerable to malware such as Heartbleed.
Whether state-sponsored or not, this vulnerability will undoubtedly be exploited and so will have major repercussions on the security sector and technology industry as a whole.
In addition, recent high-profile security breaches, such as the eBay leak, have revealed that a worrying number of attacks can potentially go undetected for weeks or even months at a time.
It is highly possible that over the next few years this will be a regular occurrence, with attacks reported on target networks that have been resident for years before being discovered.
These attacks will exfiltrate data in new and ingenious ways and are designed hide in plain sight on the host’s system – in email and web traffic, for example – so as to effectively avoid all manner of network scanning and malware detection. They will be increasingly difficult to defend against.
Ultimately, no one can say for certain exactly where and how cyber attacks will be carried out. However it is highly likely that the cat and mouse game between the IT industry, governments and cybercriminals will only pick up speed and attention in the coming years.
IT security experts will have to contend with more diverse threats than ever before and it is only decisive and continuous innovation that will enable us to stay one step ahead.
Sourced from Orlando Scott-Cowley, Mimecast