CSO - With another New Year comes a "new" flurry of predictions across all industries. I say "new" because if we do some homework, we can see that many of these so-called "predictions" are actually spun off of technology trends over the past decade.
But no matter, humans are creatures of habit and thus we will perpetually create shiny new trends and predictions for consumers each year like clockwork. My take on the whole thing, as you have most likely already deduced, is that these pieces are actually not at all innovative, nor are they helpful. Many of them attempt to persuade readers to purchase a product -- usually a vendor-specific one -- to help users avoid said "threats" in the coming year.
Despite all of this, I have pulled together the predictions that will most likely be pushed upon the end user market as "terrifying threats" in 2013 -- along with tips to battle each one with your own common sense.
Frequent unwelcome guests
If you leave the front door to your house wide open, chances are someone is going to walk in. Well, the same goes for your hardware (and always has).
The top party crasher to look for in 2013 will continue to be mobile malware. One of the developing ways for distribution of this attack is through app stores. Due to vendor-exclusive control over each individual app store, not all of them can staff enough personnel to personally gut each application for the store's own security standards. This means that the free, five-star app in the Apple App Store may contain malicious code in the Google Play store, and so on.
Want to avoid letting this guest into your device? Read the reviews, pay attention to ratings and don't store pertinent information on your device.
The second unwelcome guest to keep an eye out for is social media-distributed attacks. The Skype-targeted attack Dorkbot opened eyes to this threat in 2012, when accounts were hacked to distribute a link that led to ransomware.
How can end users avoid this type of attack in 2013?! Simple -- stop clicking on spam-like links that your "friends" would not normally send out. Is the link from someone you barely know, or don't know at all? Great, you've touched on another tip -- stop following strangers on social networks just to boost your own numbers. One of them could be a cybercriminal in disguise, waiting for the right moment to wage war on your machine.
Modern ransom notes climb
It's not rocket science, people. The economy is doing poorly, no matter where you turn. Cybercriminals have found success issuing spam links that lock a user's system in exchange for ransom. Put two and two together, and you have it -- ransomware. Criminals are always going to find a way to make money, especially during economic downturns.
Want to protect yourself? Easy! Stop clicking!
What's that buzzing sound?
Is anyone else out there sick of seeing terms like "Advanced Persistent Threat" (APT), "hacktivism" and "BYOD"? So am I, but you can guess there's another flurry of buzzwords just around the corner. Each year, a new "hot" buzzword gives everyone something to clamor about -- vendors and journalists alike.
Let's call it like it is, shall we? BYOD, we're sick of you and you've been around since Y2K. APT, you sound really techy and important, but *most* of today's mass cyberthreats are in fact advanced and persistent. Finally, hacktivism -- you were created to justify a means to an end for hackers.
Marketers beware: We are onto you!
Government plays ball
Remember "Operation Olympic Games", the birth of Stuxnet from the United States and Israeli governments? So do I -- it happened in 2010, and still today we're seeing "innovative" predictions about government-sponsored malware. Is it legal? Well, that's something I'm not inclined to make a statement about, but this is certainly something that we should not be surprised to see more of in 2013. Not to worry -- unless you are a nuclear plant in a targeted country, your machine is safe from these attacks.
Each year predictions are made, and warnings issued. Yet we still find ourselves surprised when attacked, and more unprepared than we thought we were. It's time to apply the same logic we do in the real world when interacting virtually. In 2013, I urge everyone to think before they click, and if something doesn't appear to be legitimate, it probably isn't.
Dominique Karg is co-founder and Chief Hacking Officer at AlienVault.