SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
The next big cyber attack target: Education?
Wed, 16th Dec 2015

As the year comes to a close, predictions for 2016 are flying in, and the security scene is no exception.

Security analytics firm LogRhythm has outlined what it sees as the biggest trends for the next 12 months.

An uptick in all-in-one home surveillance systems 

“We are seeing more motion sensing/camera/recording devices in the home that can be managed through personal devices,” says Simon Howe, sales director at LogRhythm ANZ.

“This type of technology will continue to expand, and with this expansion, hackers will try to exploit them or cause chaos.”

A rise in the use of mobile wallet apps

“Like having virtual money and an ID in one's pocket, mobile wallet apps are at the intersection of marketing and payments,” Howe says. “And although a mobile wallet is convenient, it is directly tied to one's mobile phone which is a critical access vector for cyber threats.”

New model of what to protect

Instead of a mandate to ‘protect everything on the network,’ IT staffs must work more like a unit, centralising and protecting the most critical resources, Howe explains. “This approach moves defense-in-depth to the most critical business components of the organisation.”

Identity access management: The unsung hero

According to Howe, companies will be investing more money and R&D resources in behaviour-based modelling, analytics and identity access management to track behaviours. “More customers are asking about it, which will motivate the rest of the industry to follow,” he says.

The next big attack target: Education

Howe says the education industry has a plethora of data that cyber criminals want: credit reports, personally identifiable information (PII), donor money, tuition money. “And these institutions are not doing an adequate job of securing all their systems,” he states. “Add to that the myriad ‘customers’ – namely professors, students, parents, administrators – and you have magnified the attack vectors exponentially.”

Emergence of hacking for good

“More organisations, like Anonymous, will be leaving the dark side and hacking for the public good,” Howe says.

He says they are motivated more by notoriety and publicity on social media than by financial gain.

“Teens are learning to program on their own; high schools are introducing technology and coding to get this generation aware of and more proficient in this industry,” Howe explains. “Younger generations are finding coding and programming cool. This is the next gen workforce that we hope will continue to want to positively impact society.”

Security is in a renaissance

“Security is a hot space,” Howe says. “And the fact that CISOs are getting a seat in the boardroom is another indication of the importance of this industry for all organisations, regardless of the vertical market,” he adds.

“Many companies still don't have adequate security infrastructures, awareness or training to defend themselves,” Howe continues. “There will also be consolidation. Companies will either get it or not, and governments will start ramping up regulations.”

Next steps for CISA, open sharing of threat intelligence

Howe says critical infrastructure will emerge as more companies in various sectors, such as energy, financial and healthcare, join in.

“The principle and the intention behind the creation of a more collaborative community for the open sharing of threat intelligence is grand, with two distinct sides of the political aisle,” he says. “We will either see a big push or nothing happen at all.”

Ransomware gaining ground

The ransomware style of attack is powerful and expanding into Macs and mobile devices, making it easier to target consumers, Howe says. “Criminals can gain big profit by locking down an entire system; victims have no choice but to pay,” he explains. “Although consumers are ripe for the picking, businesses are not immune to this approach.”

Vendors need to step up

According to Howe, despite the running list of breaches, many companies still do not have an adequate security infrastructure to defend themselves against cyber criminals. “And we cannot rely on consumers to know how to protect home systems,” he says. “It is up to the security vendors to build better software, systems and patching mechanisms, as well as offer training and services to protect people, companies and their assets.”