The challenge for companies in 2015 lies in the way they will protect their data, their business, and in particular how they will convince employees to become invested in their security programs, ESET LATAM Research Lab said.
In a new report, ESET said it expected that more companies will report in 2015 having suffered the consequences of ever more complex and evolved APTs, which will exploit the constantly appearing security vulnerabilities, leaving the door open for even more data exfiltration.
No organization is immune to attacks of this nature, given that the attacker looks for valuable information – something that every company, organization or entity has. Therefore, it is a challenge for companies of all sizes to adopt the necessary security measures so that they do not become victims.
Second, in 2015, security teams in charge of point-of-sale systems must review the way they are protecting and isolating them to limit breaches such as was seen in the last 12 months. POS information leakage is a direct blow to the business that companies can ill afford, due to both the economic impact and to the damage to the company's reputation and the trust of its clients.
Third, safeguarding information is an increasingly important requirement for companies, as well as a guarantee for the continuity of the business.
Fourth, vulnerabilities will play an important role in corporate security, given that they always represent a risk. In the case of unknown threats – like zero-day threats – they are much more complex, and having a well-trained, proactive security team is one of the best defenses against them.
And fifth, the possibility that the Internet of Things becomes more of an "Internet of Threats" will depend mostly on two fundamental factors — vendors and users. So far, threats have focused on devices with the greatest number of users.
The main security considerations that should be considered for 2015 are among the following — protecting the way they connect and share information; the speed and ease of update deployment; and ensuring that those people interacting with the information are really who they claim to be.
Additionally, with respect to IoT, businesses need to guarantee that connected things are not exploited via maliciously modified applications. Also, encrypting confidential information is a good option so that third parties cannot access it in order to change or steal it