With each year comes a new set of security risks businesses need to be aware of.
The threats that have seen the most growth over the last year include point-of sale (POS) malware, malware traffic within secure and encrypted HTTPS websites and attacks on computer systems designed to control remote equipment, according to a new study from Dell.
"Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed," Patrick Sweeney, executive director of Dell Security, said in a statement. "Hacks and attacks continue to occur, not because companies aren't taking security measures, but because they aren't taking the right ones."
The large number of highly publicized POS breaches last year has heighted the need to make sure that businesses that use these devices are properly protecting them. To illustrate the rise in these attacks, Dell notes that its Threat Research Team created 13 POS malware countermeasures in 2014, compared with just three in 2013.
"Malware targeting point-of-sale systems is evolving drastically, and new trends like memory scraping and the use of encryption to avoid detection from firewalls are on the rise," said Sweeney. "To guard against the rising tide of breaches, retailers should implement more stringent training and firewall policies, as well as reexamine their data policies with partners and suppliers."
For many years, businesses thought using a secure HTTPS Web connection protected them from a security breach. That no longer appears to be the case. While the increased number of businesses moving to a more secure Web protocol is a positive trend, hackers have identified ways to exploit HTTPS as a means to hide malicious code, according to Dell. [Don't Be the Next Victim: 5 Cybersecurity Tips to Protect Your Business ]
The study's authors said that since the malware transmitted over HTTPS is encrypted, traditional firewalls fail to detect it.
"Just as encryption can protect sensitive financial or personal information on the Web, it unfortunately can also be used by hackers to protect malware," Sweeney said. "One way organizations mitigate this risk is through SSL-based Web-browser restrictions, with exceptions for commonly used business applications to avoid slowing company productivity."
The third main security threat businesses should be planning for in 2015 is attacks on supervisory control and data acquisition (SCADA) systems, which are mostly used by industrial organizations to control remote equipment and collect data on that equipment's performance.
Attacks against SCADA systems, which tend to target operational capabilities within power plants, factories and refineries, doubled over the last year, according to the report.
"Since companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported," said Sweeney. "This lack of information sharing, combined with an aging industrial machinery infrastructure, presents huge security challenges that will to continue to grow in the coming months and years."
Dell's Threat Report also identified several trends and predictions for the coming year, including the following:
- More organizations will enforce security policies that include two-factor authentication, which will likely increase the number of attacks on these technologies.
- Android will remain a main target for hackers. Dell predicts that new, more sophisticated techniques will be developed to hinder Android malware researchers and users by making the malware hard to identify and research.
- As wearable technology becomes more prevalent, expect to see malware start to target these devices.
- Digital currencies, including Bitcoin, will continue to be targeted.
The data for Dell’s report was gathered by the Dell Global Response Intelligent Defense (GRID) Network, which sources information from a number of devices and resources, including more than 1 million security sensors in more than 200 countries; activity from honeypots in Dell's threat centers; malware/IP reputation data from tens of thousands of firewalls and email security devices around the globe; shared threat intelligence from more than 50 industry collaboration groups and research organizations; intelligence from freelance security researchers; and spam alerts from millions of computer users protected by Dell SonicWALL email security solutions.