The recent attack on Cisco routers has been making big news. Sophisticated malicious software, dubbed SYNful Knock, attacked Cisco routers in India, Ukraine, Philippines and Mexico. U.S. security research firm FireEye had warned that this infection could help cyber criminals to access huge amounts of data without being detected.
The incident points out that organisations, regardless of its size and the tight security measures adopted, are still vulnerable to malware attacks.
Apple was the next target following Cisco. Many iPhone and iPad users were found with malicious XcodeGhost code inside the App Store. In reaction to the first major attack on Apple’s App Store, the company withdrew several apps, commonly used in iPhones and iPads in China, from its iOS App Store. Infected apps include popular Chinese mobile messaging app WeChat, NetEase’s music downloading app and Didi Kuaidi’s car hailing app.
Palo Alto Networks Director of Threat Intelligence Ryan Olson believes developers are now a huge target. He expressed concern that App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.
Earlier in October, a report released by the Chatham House, a London-based think tank, showed that global civil nuclear facilities are facing growing risk of a serious cyber attack given the increasing reliance on digital systems and use of commercial “off-the-shelf” software.
The constant game of cat and mouse played by attacker and attacked leads to technology innovation and increased investment.
In September, IBM launched new cloud security technology called Cloud Security Enforcer, designed to protect the increasing use of “bring your own” cloud-based apps at work.
The company said this is the first technology to combine cloud identity management with the ability for companies to discover outside apps being accessed by their employees, including those they are using on their mobile devices.
Meanwhile, Tata Consultancy Services implemented the IndusGuard suite of products to safeguard their website and online applications. According to Kinshuk De, business operations, enterprise security risk management at TCS, blurring of enterprise boundaries has increased the attack surface, vulnerabilities and concerns related to web application security.
Digital security provider Gemalto claimed that it protects over three billion mobile phonebook contacts across the Middle East and Africa region through its LinqUs Cloud Backup solution. As many as 22 different mobile network operators in the region have deployed the Gemalto solution.
According to a new cybersecurity study, many organizations are leaving the door open to an advanced persistent threat (APT). Conducted by global IT association ISACA, the study found that more than one in four have already experienced an APT attack.
The 2015 Advanced Persistent Threat Awareness Study found that mobile device security continues to lag at many organizations, even though the “bring your own device” (BYOD) trend increases APT risk.
Rising security issues press businesses to boost spending on web security. According to a survey conducted by information company IHS, majority of threats enter networks through unsafe web browsing. It noted that even during the last major recession, which impacted spending in all areas of IT, none of the core threat mitigation markets contracted.
The survey found that respondents’ top drivers for deploying new security solutions are protecting against data theft and leakage and upgrading security to match network performance. Cost is the barrier affecting respondents’ deployment of new security solutions. Businesses increasingly expect to consume security via a mix of products and hosted services/SaaS. The top 3 security technology vendors as cited by enterprise participants are Cisco, IBM and Microsoft.
Security market trends
The worldwide network security market rebounded in the second quarter of 2015 from the seasonally-down first quarter to post quarter-over-quarter 9 percent and year-over-year 13 percent growth, according to the IHS Infonetics Network Security Appliances and Software report from HIS.
“The first half of 2015 is off to a fantastic start for network security, with the top four vendors-Cisco, Check Point, Fortinet and Palo Alto Networks-posting double-digit annual growth in the second quarter,” said Jeff Wilson, research director for cybersecurity technology at IHS.
IHS added that network security appliance and software revenue totaled $2 billion in the second quarter of the year.
Security market forecast
Gartner says worldwide information security spending will grow almost 4.7 percent to reach $75.4 billion in 2015. The research agency noted that the increase in spending is being driven by government initiatives, increased legislation and high-profile data breaches.
“Interest in security technologies is increasingly driven by elements of digital business, particularly cloud, mobile computing and now also the Internet of Things, as well as by the sophisticated and high-impact nature of advanced targeted attacks,” said Elizabeth Kim, research analyst at Gartner.
Further, Gartner predicted that by 2015, 85 percent of new deals for network sandboxing functionality will be packaged with network firewall and content security platforms.