In This Issue
Global IT security vendor Sophos has released its latest threat trends report, which
investigates the biggest security risks on the horizon and explains the real-world
impact of evolving threats on both businesses and consumers.
Here are the highlights:
1. Exploit mitigations reduce the number of useful vulnerabilities
Spam used to be the key means of spreading malware, but today cybercriminals
are leveraging web-based infection and browser-based exploits. On a brighter note,
Microsoft has developed exploit mitigations such as Data Execution Prevention (DEP)
and Address Space Layout Randomization (ASLR), and made improvements
in Windows 8 and Windows 8.1. As the difficulty of exploitation increases, exploits
in high-value target applications such as Internet Explorer on high-value platforms
such as Windows 7 are becoming rarer.
2. IoT attacks become mainstream risks
In 2014, there were several examples of IoT manufacturers not implementing basic
security standards. At the moment, IoT has not been exploited much by cybercriminals
as they have yet to find a business model and monetise it. Moving forward, as
use cases become more diverse and if vendors do not fix security issues in time, IoT
is set to become a mainstream threat.
3. Encryption becomes the norm but not all will warm up to it
Following revelations of intelligence agency spying and high-profile data breaches,
encryption is finally becoming a default in the industry. For example, many Android-based
applications today use encryption to protect data, though not all have
implemented it correctly. Meanwhile, some law enforcers and intelligence
agencies believe that data encryption will adversely impact citizen security. They
will face the challenge of striking a balance between their security goals and citizen
privacy.
4. The discovery of more major software flaws that evaded notice
Heartbleed and Shellshock, major bugs outside the standard Microsoft platforms,
headlined the security landscape in 2014. This has piqued cybercriminals' interest in
typically less-considered software and systems. Expect to see more discoveries of
significant insecure code emerge this year, and while most will not reach the same
severity as Heartbleed and Shellshock, they will still be an interesting challenge for
businesses.
Standards News
By Information Technology Standards Committee