Check Point: Top 7 security issues impacting NZ businesses in 2015

While last year, IT security was all about the ‘breach” with one attack after another, in 2015 security vendor Check Point believes when it comes to the New Zealand market, it will be a case of more of the same.

Along with the Australian industry, New Zealand organisations will see the continuation of a raft of security dilemmas from zero day malware and open source to the need to safeguard SDN, mobile users and IP appliances.

“While IT professionals won’t see an end to security threats it’s also important to remember that every organisation, large and small, can find the right tools and expertise to stay safe,” says Kurt Hansen, managing director, Check Point Software Technologies, Australia and New Zealand.

Launching its list of the leading IT security threats and trends which New Zealand business can expect to see in 2015, Hansen’s run-down is as follows…

Safeguarding SDN

It’s true that SDN can boost security - namely by routing traffic through a gateway and IPS, thereby reprogramming and restructuring a network suffering a DDoS attack.

But according to Hansen it can also automatically quarantine any infected endpoints or networks.

“Security must be designed into the SDN concept,” Hansen says, “and because SDN is being increasingly adopted in data centres, you can expect to see targeted attacks that try to exploit SDN controllers to bypass network defences.”

Blocking Zero Day Malware

The new face of malware is fast and stealthy, Hansen explains.

Over a third of organisations downloaded at least one file infected with unknown malware last year, thanks to obfuscation tools that help attacks slip past even sophisticated solutions.

“73 percent had existing bot infections, with 77 percent infections active for more than four weeks,” he explains, “a disturbing length of time given that the average bot attempts to communicate with its Command and Control centre is every three minutes.”

Open source, open target

“Open source vulnerabilities like Heartbleed and Poodle affected nearly every IT operation in the world,” Hansen adds.

“While organisations may not be able to anticipate the next massive vulnerability, they should understand that flaws in open-source and commonly used platforms offer hackers rich opportunities.”

Page Break

Addressing mobile momentum

The explosion in mobile device popularity presents a tough challenge also.

According to Check Point’s global survey of more than 700 businesses; 42 percent had suffered mobile security incidents costing more than US$250,000 to remediate - and 82 percent expected incidents to rise during 2015.

“Considering the direct access to assets like passwords, email, documents and company networks and applications, smart security practitioners will make mobile security a top priority,” Hansen claims.

Managing mobile payment security

While some mobile payment solutions like Apple Pay, Google Wallet and PayPal offer multiple layers of security involving tokenisation and encryption, Hansen believes not all of these systems have been thoroughly tested to withstand real-world threats.

“It’s a safe bet that attackers will be searching out vulnerabilities to exploit,” he predicts.

Critical Infrastructure attacks

Nearly 70 percent of critical infrastructure companies surveyed by the Ponemon Institute suffered a security breach over the last year.

“Unfortunately we can probably expect more cyber attacks on public utilities and key industrial processes in 2015, namely through malware that targets the SCADA systems that control those processes,” Hansen says.

Dangerous devices

The Internet of Things is an exciting trend, according to Hansen, but these IP-based appliances often provide criminals with unsecured networks.

“Consider also the security implications of wearable tech and companion devices that connect to tablets and smartphones,” he asks.

“Are companies prepared to mitigate the risk of employees wearing Google Glass or the Apple Watch?”

In summary, Hansen believes the evidence is clear - criminals are everywhere, relentless and are evolving.

“But by implementing a multi-layer threat prevention, leveraging a robust threat intelligence network for real-time prevention, and gaining greater visibility through security management, organisations can ensure they are best protected against any potential vulnerability in 2015,” he adds.