More Sony-like hacks ahead
It all started with the Target breach disclosure and executive suite fall-out, security moved up as a boardroom issue. Similarly, Sony was the master breach of 2014 that keeps on giving. The breadth of the Sony breaches and the company’s underwhelming cyber attack preparation have surprised everyone. Here is a profitable multi-national with tech roots but yet devotes only 11 staffers to IT security despite its history of breaches. We expect to see other cases where large enterprises experience a vendetta-like series of attacks. Along with those breaches will be lawsuits over data confidentiality and more urgency from enterprises to shore up their data protection tools to avoid liability.
Data residency comes of age
The ongoing Microsoft Irish data center case is up-leveling data residency as another risk for enterprises that send and store sensitive information in the cloud. Many EU regulators have advocated restricting the free flow of data to within national boundaries as a drastic measure for ensuring data residency. However, this parochial approach is unnecessary as technologies like strong encryption and tokenization can address residency without the need for building out dismantling the Internet and cloud infrastructures.
Increased account hijacking of cloud applications
In 2014, businesses moved record amounts of infrastructure and data to the cloud to lower costs and increase agility and competitiveness. This is leading hackers to look beyond attacking relatively well defending banking sites, to attacking secondary public cloud applications that may contain valuable financial and personal data. For example, the recent Dyre and Zeus malware strains focused on stealing account credentials for public cloud applications used by banks. In 2015, we expect to see a dramatic increase in malware threats aimed at compromising public cloud applications, and sensitive data that is inevitably showing up in the cloud.
Shadow IT will lead to data breaches
The explosion of BYOD and end-users finding business applications that bypass IT has introduced a significant new vector for malware and data loss. In 2015, expect to see significant corporate data breaches caused by unsanctioned content sharing applications, as well as new malware strains infiltrating corporate networks. Gain control of shadow IT before it becomes a problem.
Connected devices will increase data exposure
Expect to see data security threats to move beyond corporate networks as workers access corporate data more and more through their connected devices and shadow IT solutions such as dropbox.com 2015 is the year to get your cloud security solution in place.