14 DAY TRIAL // For the end of 2015 and the start of 2016, organizations should expect ransomware infections, multi-layered attacks, insider threats, but also a greater awareness from management towards enterprise security problems.
That's what IBM is reporting in its IBM X-Force Threat Intelligence Quarterly, 4Q 2015 report, dealing with the top trending threats for the last months of 2015.
The report puts the focus on a trend previously reported by multiple other security vendors (Corero, Kaspersky), and that's the emergence of slow&low DDoS attacks that are used to hide more serious intrusions.
This is because DDoS attacks are hard to mitigate, keep most of the staff open, and sometimes need new resources freed to deal with the attack. This leaves the door open for attackers to sneak in and compromise other equipment while the company's security team is busy setting up DDoS mitigation solutions, which are known to take weeks or months to integrate inside large-scale businesses.
Additionally, investigating a DDoS attack usually takes months for enterprises with hundreds of servers (and logs), which gives attackers extra time to crack the locks on whatever they might be after inside a company's network.
Ransomware is the second trend that IBM researchers are warning about, but this was obvious for anyone reading our Security News section, just because of the increased number of new ransomware families we reported on almost on a monthly basis.
Insider threats can be countered with proper employee training
The third trend observed by IBM's security experts is the rise of insider threats. These are employees who do not follow security protocols, intentionally or out of bad habits.
While this threat can be mitigated through proper employee training, the fourth and only positive trend is the increased attention management has started paying to security protocols.
The rising number of data breaches may have contributed to this enhanced focus on security practices, with many of the affected companies ending up paying millions in customer damages.
"The major cyber-security trends of 2015 - the challenge of recognizing stealth attackers on the network, ransomware, malicious insider attacks and growing management attention to enterprise security readiness - can largely be addressed by focusing on 'security 101,'" IBM X-Force team notes. "Think patch management, user education, proper password procedures and standard security practices."
