The door is closing on 2012, and it's time to look ahead to next year. As you round out your 2013 business and IT plans, cybercriminals are resolving to implement increasingly sophisticated threats targeting specific computer systems and organizations big and small.
In the past year, businesses have seen several serious hacks and breaches. As the arms race between attackers and businesses continues to evolve in 2013, IT departments and security professionals will need to stay on top of the changing tactics and approaches used by criminal hackers in order to protect their organizations.
Here's our take on what security threats and trends we expect to see in the coming year:
Threat #1: Social engineering
This begins with focusing on a tried-and-true black-hat tactic in both the physical and digital worlds – social engineering. Before the computer age, this meant sneaking one's way past a company's defenses with the gift of gab as opposed to a cleverly-worded email. Now social engineering has moved onto social networks, including Facebook and LinkedIn.
Attackers are increasing their use of social engineering, which goes beyond calling targeted employees and trying to trick them into giving up information. In years past, they might call a receptionist and ask to be transferred to a targeted employee so that the call appears to be coming from within the enterprise if caller ID is being used. However, such tactics aren't needed if the details the cybercriminal is looking for are already posted on social networks. After all, social networks are about connecting people, and a convincing-looking profile of a company or person followed by a friend or connection request can be enough to get a social engineering scam rolling.