Setting the Standard

Innovation Through Collaboration

ITSCs Quarterly Newsletter - April 2015

Security Threat Trends to Watch in 2015

The article originally appeared as Sophos whitepaper

In This Issue

Global IT security vendor Sophos has released its latest threat trends report which
investigates the biggest security risks on the horizon and explains the real-world
impact of evolving threats on both businesses and consumers.
Here are the highlights:
1. Exploit mitigations reduce the number of useful vulnerabilities
Spam used to be the key means of spreading malware but today, cybercriminals
are leveraging web-based infection and browser based exploits. On a brighter note,
Microsoft has developed exploit mitigation such as Data Execution Prevention (DEP)
and Address Space Layout Randomization (ASLR), and developed improvements
in Windows 8 and Windows 8.1. As the difficulty of exploitation increases, exploits
in high value target applications such as Internet Explorer on high value platforms
such as Windows 7 are becoming more rare.
2. IoT attacks become mainstream risks
In 2014, there were several examples of IoT manufacturers not implementing basic
security standards. At the moment, IoT has not been exploited much by cybercriminals
as they have yet to find a business model and monetise from it. Moving forward, as
use cases become more diverse and if vendors do not fix security issues in time, IoT
is set to become a mainstream threat.
3. Encryption becomes the norm but not all will warm up to it
Following revelations of intelligence agency spying and high profile data breaches,
encryption is finally becoming a default in the industry. For example, many Androidbased applications today use encryption to protect data, though not all have
implemented them correctly. Meanwhile, some law enforcers and intelligence
agencies believe that data encryption will adversely impact citizen security. They
will face the challenge of striking a balance between their security goals and citizen
privacy.
4. The discovery of more major software flaws that evaded notice
Heartbleed and Shellshock, major bugs outside the standard Microsoft platforms,
headlined the security landscape in 2014. This has piqued cybercriminals interest in
typically less considered software and systems. Expect to see more discoveries of
significant insecure code emerge this year, and while most will not reach the same
severity as Heartbleed and ShellShock, they will still be an interesting challenge for
businesses.

Cybersecurity in the IoT Age

By Information Technology Standards Committee

Tackling the Local Talent Crunch Nurturing the

Next-Generation of Infocomm Security Talent
By Information Technology Standards Committee

Security Threat Trends to Watch in 2015

The article originally appeared as Sophos whitepaper

Standards News
By Information Technology Standards Committee

5. Regulatory landscape forces greater disclosure and liability

After years discussing mandatory breach disclosure, data protection officers, and
fines, the European Union is on the brink of implementing new standards in 2015,
with enforcement commencing in 2016. These changes are set to trigger other
forward-thinking data protection regulations in other jurisdictions and nations.
6. Attackers have stronger focus on mobile payment systems
Mobile payment systems gained traction when Apple rolled out Apple Pay in 2014.
Current designs have strong security features such as special hardware that
makes it hard to extract information and the use of a PIN, password or fingerprint
for authentication. Cybercriminals will definitely search for flaws in these systems,
especially as adoption increases.
PREV

NEXT

Information Technology Standards Committee

c/o 10 Pasir Panjang Road #10-01 Mapletree Business City Singapore 117438
Call +65 6211 0888 | Fax +65 6659 2507 | Email itsc_secretariat@itsc.org.sg | Web www.itsc.org.sg