Story image

The next big cyber attack target: Education?

16 Dec 2015

As the year comes to a close predictions for 2016 are flying in, and the security scene is no exception.

Security analytics firm LogRhythm has outlined what it sees as the biggest trends for the next 12 months.

An uptick in all-in-one home surveillance systems 

We are seeing more motion sensing/camera/recording devices in the home that can be managed through personal devices,” says Simon Howe, sales director at LogRhythm ANZ.

“This type of technology will continue to expand, and with this expansion, hackers will try to exploit them or cause chaos.”

A rise in the use of mobile wallet apps

“Like having virtual money and an ID in one’s pocket, mobile wallet apps are at the intersection of marketing and payments,” Howe says. “And although a mobile wallet is convenient, it is directly tied to one’s mobile phone which is a critical access vector for cyber threats.”

New model of what to protect

 Instead of a mandate to ‘protect everything on the network,’ IT staffs must work more like a unit, centralising and protecting the most critical resources, Howe explains. “This approach moves defense-in-depth to the most critical business components of the organisation.”

Identity access managementThe unsung hero

According to Howe, companies will be investing more money and R&D resources in behaviour-based modelling, analytics and identity access management to track behaviours. “More customers are asking about it, which will motivate the rest of the industry to follow,” he says.

The next big attack target: Education

Howe says the education industry has a plethora of data that cyber criminals want - credit reports, personally identifiable information (PII), donor money, tuition money. “And these institutions are not doing an adequate job of securing all their systems,” he states. “Add to that the myriad ‘customer’ – namely professors, student, parents, administrators – and you have magnified the attack vectors exponentially.”

Emergence of hacking for good

More organisations, like Anonymous, will be leaving the dark side and hacking for the public good,” Howe says.

He says they are more motivated by the notoriety and publicity on social media than for financial gain.

“Teens are learning to program on their own; high schools are introducing technology and coding to get this generation aware of and more proficient in this industry,” Howe explains. “Younger generations are finding coding and programming cool. This is the next gen workforce that we hope will continue to want to positively impact society.”

Security is in a renaissance

Security is a hot space,” Howe says. “And the fact that CISOs are getting a seat in the boardroom is another indication of the importance of this industry for all organisations, regardless of the vertical market,” he adds.

“Many companies still don’t have adequate security infrastructures, awareness or training to defend themselves,” Howe continues. “There will also be consolidation. Companies will either get it or not, and governments will start ramping up regulations.”

Next steps for CISA, open sharing of threat intelligence

Howe says critical infrastructure will emerge as more companies in various sectors, such as energy, financial and healthcare, join in.

“The principle and the intention behind the creation of a more collaborative community for the open sharing of threat intelligence is grand, with two distinct sides of the political aisle,” he says. “We will either see a big push or nothing happen at all.”

Ransomware gaining ground

The ransomware-style of attack is powerful and expanding into Macs and mobile devices, making it easier to target consumers, Howe says. “Criminals can gain big profit by locking down an entire system; victims have no choice but to pay,” he explains. “Although consumers are ripe for the picking, businesses are not immune to this approach.

Vendors need to step up 

According to Howe, despite the running list of breaches, many companies still do not have an adequate security infrastructure to defend itself against cyber criminals. “And we cannot rely on consumers to know how to protect home systems,” he says. “It is up to the security vendors to build better software, systems and patching mechanisms, as well as offer training and services to protect people, companies and their assets.”

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.