Georgia Tech released a report earlier this week that carries warnings about likely security threats in the coming year. Make no mistake: as security experts work to overcome well-known threats and render them less effective, there is a community of individuals hard at work doing what they can to steal private information and use it to their advantage.
The topics that the report outlines are:
- The Mobile Threat Vector: mobile browsers and mobile devices' increasing reliance on browser implementations, keeping mobile devices secure and updated with the latest patches, increasing threats against Android and iOS, and the need for a strong mobile security program.
- Botnets: increased usage of botnets to gather large volumes of information and finding entry points into internal information systems.
- Controlling Information Online: personalization and the risk of unintended censorship, cross-site data gathering based on personalized data profiles, malicious influence and manipulation of search engine results, and digital certificate manipulation.
- Advanced Persistent Threats: threats that adapt to security measures and continue attacking until their goals are reached; human error and weak passwords remain a top concern; and the likelihood that nation-states will use cyber channels to attack adversaries.
With all the advancement in malicious technology, it still isn’t surprising that a top concern is that human error remains a significant threat. With mobile usage increasing, educating oneself on basic security measures should remain a top priority. Companies can help their customers avoid unintended data loss by requiring secure passwords and implementing policies that require periodic password changes and notification of site access from new devices.
Online retailers should pay particular attention to ensuring their sites are not only PCI DSS compliant, but that any partner sites follow comparable security standards based on their country’s security and privacy guidelines. This includes ensuring that any third-party software used as part of an implementation has passed rigorous testing, including PA DSS certification where applicable. Frequent security scans should also be conducted, and not just quarterly as some guidelines recommend. Any time there is a new software release, patch or other modification to code, a new scan should be performed to ensure the site continues to meet security standards.
Of course, there is no guarantee that following good security practices will keep an individual or a company protected from attacks. However, having security programs in place and active is the best possible preventative measure.
The original report from Georgia Tech is available here.