4 IT Security Threats Every Enterprise Should Fear

Not all IT security threats are created equal. In its fifth annual list of threat predictions, security solutions vendor McAfee highlights an array of threats that it expects to impact consumers and enterprises alike in 2013.

We’ve delved into the McAfee report to select the four IT security threats that matter most to your enterprise in 2013 and provide tips on how to protect your organization against them:

IT Security Threat 1: Mobile malware will be on the rise

One of the weak spots in relation to enterprise security for 2013 has to be mobile devices. This is due, in part, to the popularity of BYOD. Since the enterprise doesn’t own the devices, securing them – and the corporate data they’re accessing – becomes quite a challenge. Mobile devices therefore become a tantalizing target for cybercriminals, and McAfee predicts an uptick in the amount of malware developed to exploit mobile devices. The only true method of protecting your network from these types of mobile malware will be the implementation of a robust NAC solution.

IT Security Threat 2: More covert tactics to steal corporate data

McAfee statistics for 2012 reveal that criminals are using rootkits that target the BIOS and master boot record (MBR). These complex attacks are commonly used to access sensitive data that is locally stored on hard drives, or to install key logging and backdoor software so the attacker can access resources when the device connects to the company network. This is professional espionage at its best. It’s highly profitable and becoming more popular with each passing day. Many of these rootkits are being installed when users visit infected sites. To help mitigate risk, you need to have a good handle on your OS and IPS updates. It’s also essential that you continually educate users not to click on questionable content that can lead them to commonly infected parts of the Internet.

IT Security Threat 3: HTML 5 security holes

When a technology gains in popularity, it tends to catch the eye of cybercriminals who seek to ensnare the greatest number of people possible. HTML 5, the latest version of the language used to render webpages on Internet browsers, looks to be the next big target. Version 5 of HTML has been somewhat slow to catch on due to the fact that different web browsers rendered code differently. Because web designers had difficulty in coding websites that reacted similarly across all the popular browsers, they tended to stick with the older, cross-browser compatible HTML 4. Now that the W3C is inching closer to fully standardizing the markup language, designers will be more likely to code in version 5. Because of the anticipated growth of HTML 5-coded sites, McAfee researchers are confident that attackers will be combing through the latest code in the attempt to find holes to exploit. Again, patch management will be key to limiting your exposure.

IT Security Threat 4: Hacktivism loses sympathizers but not power

Hacktivists have done very well over the past few years in terms of gaining public support. But the McAfee report points out that lately, groups like Anonymous have made some major mistakes by using “disinformation, false claims, and pure hacking actions” to target some companies and governments. Because of these mistakes, and because some hacktivists are not being completely honest with outsiders, the McAfee report predicts that hacktivism will continue to lose favor with the masses. Keep in mind that despite its loss of popularity, hacktivism will continue to be popular in 2013 and is something to keep a close eye on. Do what you can to help keep up your organization’s public image so as to not draw any unwanted attention. Also make sure to solidify disaster recovery plans in the event that hacktivists target your infrastructure with a distributed-denial-of-service (DDoS) attack, which is one of their often-used tactics.

In order to best protect your enterprise from cybercriminals, it’s good to take a look at what will likely be targeted the most. According to the McAfee report, mobile devices, espionage, HTML 5, and hacktivism will be major points of interest for attackers. A thorough vetting in your organization will be necessary to ensure that you’re not completely caught off guard by threats that are right around the corner.

About the Author

Andrew Froehlich is a network engineer and IT consultant, and a contributor to EnterpriseEfficiency.com, a UBM Tech community.

Andrew Froelich
Andrew Froehlich is the President and Lead Network Architect at West Gate Networks, an IT consulting firm based in Northern Colorado that specializes in enterprise network architectures and datacenter build-outs. He has well over a decade of enterprise networking experience at organizations such as State Farm Insurance, United Airlines and the University of Chicago Medical Center. When he's not consulting, Andrew enjoys writing technical blogs and is the author of two Cisco certification study guides published by Sybex.
Andrew Froelich
Tags: IT Security,Technology