Seven security trends to watch in 2015

What sort of IT security developments should we expect to see in 2015? Here’s my top seven, starting off with privacy and security digging in for a long war. Encrypted traffic will increase and so will data breaches, while use of encryption will continue to increase to protect consumer privacy. Malware will increasingly hide behind encryption to evade detection by most enterprises that are struggling to balance employee privacy against those encryption-hidden attacks.

Big media will say NO to malvertising. Major media properties will increasingly display ads from partner networks that host malware. As the risks of infection by visitors to their web properties increase, these media companies will put more pressure on their ad partners to eliminate malvertising.

2015 will be the year of PUS. Potentially unwanted software (PUS) is picking up on mobile devices. Hidden deep down in end-user licensing agreements and frequently missed by users downloading free apps, PUS will increasingly be part of downloads to gather information about your web surfing, in order to ‘improve your browsing experience’, such as serving you more relevant advertisements. As PUS is increasingly added to free software by developers seeking to monetise their creations, it will slow down - and even destabilise - infected devices.

Unmarked bills or you'll never see your data again. Ransomware hit a lot of people in 2014. The next logical next step for ransomware creators is to say “how can I increase value from my victim?” Blue Coat predicts that the next real targets will be small businesses or small government organisations - entities with hundreds of thousands in their bank account. These attacks will involve conducting reconnaissance on target computers/systems - not just blindly encrypting all the documents. If attacks can access the network storage, attacks can demand higher ransoms.

Attackers will get social. Attack tools will increasingly leverage information from social networks to customise the attacks in a better way. Most targeted attacks have a social context, which increases efficacy and is easier to do now. Attackers will exploit their knowledge of target victims to gain access to critical systems and data.

Big Brother will absolutely be watching. While it was relatively low in volume in 2014, expect an increase in surveillance software that is developed by security companies or nation states to monitor certain people. As international conflicts emerge, these tools will inevitably be used to keep track of what people are doing and whether they’re a security risk or not.

Heartbleed, Shellshock and Poodle, oh my. Expect more ‘common mode failure’ events, where a single defect causes failures to ripple through a system, like Heartbleed, Shellshock. Vulnerability seekers (researchers, attackers) have had their first taste of this, and there’s no going back now.

Dr Hugh Thompson is the Program Committee Chairman for the RSA Conference, and Senior Vice President and Chief Security Strategist of Blue Coat Systems.