Story image

The next big cyber attack target: Education?

16 Dec 15

As the year comes to a close predictions for 2016 are flying in, and the security scene is no exception.

Security analytics firm LogRhythm has outlined what it sees as the biggest trends for the next 12 months.

An uptick in all-in-one home surveillance systems 

We are seeing more motion sensing/camera/recording devices in the home that can be managed through personal devices,” says Simon Howe, sales director at LogRhythm ANZ.

“This type of technology will continue to expand, and with this expansion, hackers will try to exploit them or cause chaos.”

A rise in the use of mobile wallet apps

“Like having virtual money and an ID in one’s pocket, mobile wallet apps are at the intersection of marketing and payments,” Howe says. “And although a mobile wallet is convenient, it is directly tied to one’s mobile phone which is a critical access vector for cyber threats.”

New model of what to protect

 Instead of a mandate to ‘protect everything on the network,’ IT staffs must work more like a unit, centralising and protecting the most critical resources, Howe explains. “This approach moves defense-in-depth to the most critical business components of the organisation.”

Identity access managementThe unsung hero

According to Howe, companies will be investing more money and R&D resources in behaviour-based modelling, analytics and identity access management to track behaviours. “More customers are asking about it, which will motivate the rest of the industry to follow,” he says.

The next big attack target: Education

Howe says the education industry has a plethora of data that cyber criminals want - credit reports, personally identifiable information (PII), donor money, tuition money. “And these institutions are not doing an adequate job of securing all their systems,” he states. “Add to that the myriad ‘customer’ – namely professors, student, parents, administrators – and you have magnified the attack vectors exponentially.”

Emergence of hacking for good

More organisations, like Anonymous, will be leaving the dark side and hacking for the public good,” Howe says.

He says they are more motivated by the notoriety and publicity on social media than for financial gain.

“Teens are learning to program on their own; high schools are introducing technology and coding to get this generation aware of and more proficient in this industry,” Howe explains. “Younger generations are finding coding and programming cool. This is the next gen workforce that we hope will continue to want to positively impact society.”

Security is in a renaissance

Security is a hot space,” Howe says. “And the fact that CISOs are getting a seat in the boardroom is another indication of the importance of this industry for all organisations, regardless of the vertical market,” he adds.

“Many companies still don’t have adequate security infrastructures, awareness or training to defend themselves,” Howe continues. “There will also be consolidation. Companies will either get it or not, and governments will start ramping up regulations.”

Next steps for CISA, open sharing of threat intelligence

Howe says critical infrastructure will emerge as more companies in various sectors, such as energy, financial and healthcare, join in.

“The principle and the intention behind the creation of a more collaborative community for the open sharing of threat intelligence is grand, with two distinct sides of the political aisle,” he says. “We will either see a big push or nothing happen at all.”

Ransomware gaining ground

The ransomware-style of attack is powerful and expanding into Macs and mobile devices, making it easier to target consumers, Howe says. “Criminals can gain big profit by locking down an entire system; victims have no choice but to pay,” he explains. “Although consumers are ripe for the picking, businesses are not immune to this approach.

Vendors need to step up 

According to Howe, despite the running list of breaches, many companies still do not have an adequate security infrastructure to defend itself against cyber criminals. “And we cannot rely on consumers to know how to protect home systems,” he says. “It is up to the security vendors to build better software, systems and patching mechanisms, as well as offer training and services to protect people, companies and their assets.”

SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.
What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”