The rise in so-called big data and application DDoS (distributed denial of service) attacks are among concerns for the foreseeable future, according to data security specialist Imperva, which has issued a top nine cyber security trends for 2012.
Number one is an assertion that security will finally trump compliance – reversing the traditional position. Imperva believes that, with the cost of breaches rising, industrialised hacking impacting many organisations and the need to protect IP, more companies will make cyber security decisions based on security, rather than regulations, such as PCI and SOX.
Imperva's number two is the rise of 'cyber brokers', as a result of an increasing supply and demand for compromised machines, as well as for sensitive corporate information. Such individuals will match the buyers of stolen data or compromised machines (bots) with sellers.
The list goes on to include threats stemming from an increase in anti-social media (with hackers automating social media attacks); time wasting as IT professionals chase regulation of end-user devices and cloud data access instead of controlling data at the source; and inadequate security around big data (NoSQL) inhibiting integration as third party components within companies.
Turning to internal collaboration suites (such as Microsoft Sharepoint and Jive) being deployed in 'evil twin' (external) mode, Imperva believes organisations will have to look for tools to protect and control access.
As for DDoS, the prediction is that attackers will increase sophistication and effectiveness by shifting from network level to application level attacks – even business logic level attacks, citing increasing exploitation of SQL injection vulnerabilities as one of the modes.
At number eight, Imperva suggests that, whereas to date, zero day attacks have been enabled by vulnerabilities in browsers' add-ons, in 2012 hackers will shift their focus to exploiting vulnerabilities in the browsers themselves to install malware, driven in part by the adoption of HTML 5.
And finally, Imperva believes that SSL-orientated attacks will reach a tipping point in 2012, so provoking a discussion about alternatives for secure web communications.