Criminals are to move away from mass attacks to highly-targeted ‘campaigns’ based on personal data, ushering in a new era of hacking in 2015, according to new research.
‘This time it’s personal’ will be motto of 2015 as cyber-criminals are predicted to become more selective in the way they target victims. According to Stephen Bonner, a partner in KPMG’s cyber security practice, the next twelve months will see criminals move away from mass spear-fishing tactics in favour of highly targeted ‘campaigns’, based on the data trail people leave in their online lives.
Stephen Bonner says: “Over the past year, the Internet of Things took its first tentative steps into the mainstream, but consumers’ willingness to adopt the latest trend has come at a price. Their desire to be seen has overtaken their desire to be secure, meaning that we can expect organised crime to find new ways to make money in our increasingly digitised society.
“It is possible that our willingness to share and shop online will let criminals become more selective about who they target. They won’t need to maintain the current ‘hit and hope’ approach of spear phishing, instead only attacking specific users and computers based on the data these give away about their owners.
The result, according to Stephen Bonner will be a business world where cyber protection matures and where governments come together to improve ways in which confidential data is secured.
He says: “2014 may have been a year in which hardly any time went by without news of a cyber attack and the next 12 months will be no different. This time, however, third party assurance will become a burgeoning industry as firms seek to protect themselves against lawsuits for loss of data or revenue. As part of this, my hope is that EU governments will reach agreement on data protection legislation in a post-Snowden world, and implement a data breach disclosure regime.
“Ultimately, cyber defense will be akin to a game of whack-a-mole – with more emphasis on spotting attacks, more sharing of intelligence in near real-time and more efforts by companies and governments to counter and disrupting cyber-attacks quickly. But to win the game a change in mindset is needed, with security teams reinventing themselves by engaging with the business to really understand their priorities and justify their budget, ensuring that their efforts are focused on defending key business assets, while all the while being seen as an enabler for doing business in the digital world.”