Last year was the year of the cyber attack. Operation Ababil by Cyber Fighters of Izz ad-Din Al-Qassam, Adobe’s massive data breach and the widely publicized attack on The New York Times by the Syrian Electronic Army are just a few of the attacks that showcased major security vulnerabilities in the enterprise. Radware®(NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, conducted an in-depth analysis of last year’s attack methods and successful defense techniques. From this analysis, Radware’s Emergency Response Team (ERT) predicts the top network security threats that the industry will face in 2014.
“2013 was the year of hackers, hacktivists and cyber warriors. Not only will current threats continue to evolve, but new and advancing technologies like SDN and cloud computing pose new threats to businesses of all type and sizes,” said Motty Alon, director of security solutions at Radware. “Radware’s ERT has closely examined the evolution of cyber attacks and security threats in the last year, and through intense investigation, has found that 2014 will be an even more brutal year for security. This is a wake-up call for the enterprise to place a higher priority on proactive network technology strategy.”
Click through for the top five network security trends expected in 2014, as identified by Radware.
Surge in critical infrastructure outages
Advanced countries are more likely to experience widespread cyber-attack disruptions to critical infrastructure services including: power generation; water supply; cellular, telephone and/or television (cable) delivery services; and police or first responder networks.
Rise in cyber-hostage incidents
There has been a long history of cyber-ransom activity, however, 2014 will break new ground whereby nefarious groups will take digital assets or services as hostage and commandeer these services until certain demands are met, financial and beyond.
Encryption as a mass weapon
Hackers are using encryption to obscure communication in which illegally-obtained sensitive information is sent outside of the organization. With a small portion of organizations decrypting outbound SSL encrypted messages, 2014 will see an increasing use of encrypted messages for malicious activities.
First-ever SDN attacks
While promising to positively disrupt business-as-usual networking, SDN will be exposed to some unique security vulnerabilities that the framework introduces such as disruption to control-plane communications. As traditional network devices were autonomous, the SDN controller is now accessible by a variety of systems, which opens a new and greater risk to SDN.
Adoption of cyber attack laws, including nationalistic rules
Faced with an ever increasingly dissatisfied and frustrated constituency and state-sponsored espionage, governments will begin the process of setting laws around cybersecurity. Governments will begin to dictate network traffic flows, security levels at critical infrastructure companies, and acceptable data processing domiciles, as well as provide rules on what constitutes acceptable Internet behavior. The U.S. government’s Executive Order 13636, “Executive Order — Improving Critical Infrastructure Cybersecurity,” is an example of a preliminary step into this adoption of laws, and it will turn into more practical guidelines in 2014.