Dell has completed a review of 2014’s security threats and come up with predictions for 2015, including an increase in attacks on wearables and personal technology.
Utilities are increasingly under attack, and coming under the protection of government agencies, and Dell found that assaults on control systems have doubled.
The report warned that lapses in security have enabled much of this bad traffic, and that affected companies need to change internal practices and make better use of available technology.
“Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed,” said Patrick Sweeney, executive director for Dell Security.
“Hacks and attacks continue to occur, not because companies aren’t taking security measures but because they aren’t taking the right ones.”
The report used Dell’s Global Response Intelligence Defence network and SonicWALL’s network traffic equipment to study the threats, and the results can be used as a guide for enterprises wanting to strengthen their defences, according to Dell.
Point of sale attacks “surged”, the report said, raising red flags about third-party partnerships and inadequate patching. The majority of these attacks hit US retailers, and Sweeney added that hackers are relying on exploits and network weak spots for access.
“Malware targeting point-of-sale systems is evolving drastically, and new trends like memory scraping and the use of encryption to avoid detection from firewalls are on the rise,” said Sweeney.
“To guard against the rising tide of breaches, retailers should implement more stringent training and firewall policies, as well as re-examine their data policies with partners and suppliers.”
The report also discussed Heartbleed and the need for end-to-end encryption. Dell commended firms including Google, Facebook and Twitter for adopting HTTPs for tougher privacy and security.
Dell said that security systems without an insight into HTTPs traffic are ineffective, and that SSL protection and a refined enterprise computing network are needed.
“Managing threats against encrypted web traffic is complicated. Just as encryption can protect sensitive financial or personal information on the web, it unfortunately can also be used by hackers to protect malware,” added Sweeney.
“One way organisations mitigate this risk is through SSL-based web browser restrictions, with exceptions for commonly used business applications to avoid slowing company productivity.”
The industrial industry is not helping itself in terms of attacks on control systems, according to the report, because of a reluctance to go public with any problems. More information sharing and reporting is needed if such attacks, which doubled between 2013 and 2014, are to be stopped.
“Since companies are only required to report data breaches that involve personal or payment information, Scada [supervisory control and data acquisition] attacks often go unreported,” said Sweeney.
“This lack of information sharing, combined with an ageing industrial machinery infrastructure, presents huge security challenges that will to continue to grow in the coming months and years.”
Dell highlights a number of threats likely to emerge in 2015, and technology users are advised to keep a close eye on banking apps, Android, wearables and connected televisions.