Hacktivism and state-sponsored cyber attacks will continue to make up a significant part of the information security threat landscape. But financially-motivated attacks remain the greatest source of threats, a panel of analysts told Infosecurity Europe 2013.
Although some research suggests that hacktivist activity has peaked, the analysts believe it will continue to cause problems for businesses' security teams, not least because it is becoming easier for individuals with a grudge to find the tools to carry out cyber attacks.
And the fact that hacktivists may be either individuals or loose-knit groups makes them hard to defend against. "Hacktivism is a movement or a philosophy, not an organized group," said Wendy Nather, analyst at the 451 Group. "You will never capture everybody in the group, and they are still listening and reading everything you do, ready to take umbrage at the drop of a hat."
"The targets of hacktivism will change and the methods will change, but they won't go away," agreed Bob Tarzey, of analysts Quocirca. The opportunistic nature of hacktivism means that groups are quick to move on to new targets.
But hacktivism might also be used as a cloak for either state-sponsored, or financially-motivated attacks, the panel found. Hacktivists themselves might not be aware of it, but other hackers might use vulnerabilities they find to exploit systems. And organised crime might look to push the blame for attacks on to hacktivist groups.
State-sponsored cyber attacks, on the other hand, might go underground as governments backing them come in for more criticism.
Although the panel was skeptical about the idea of "privateers" speculating for valuable data and offering it to governments, Tarzey pointed out that the online world often mirrors the offline, even in espionage. "Everything we have seen in the real world can happen online," he warned.
But although China has come in for more criticism for its underground cyber activities, it is not only the country playing the great game. "I've spoken to people who say that Euopean governments are out there looking for intellectual property and bringing it home," admitted Andrew Rose, of Forrester Research.
The panel also found that insider threats were set to continue to cause problems for businesses and governments. Deliberate actions are often less significant, though, than accidents and mistakes. "As many as 27 per cent of [information security] incidents involve errors," said Wendy Nather. "A lot of what security teams are asked to investigate are really HR issues, and so don't show up as breaches."
"You do have people who see an opportunity for personal gain or to get back at their employers, but the main problem is the 'idiot', people doing stupid things," said Bob Tarzey. One answer is to put more controls around privileged user access to systems, and to look at the context of what users are doing, so-called context-aware security.
Another, said Andrew Rose, is to move to a security model, based around information classification. Organisations can stretch their security budgets further by focusing on the data that matters, and providing lower levels of protection for those that do not. "This is actually hugely empowering," he said.
But security teams will also need to maintain their conventional protection measures, such as anti-virus, and perhaps also add protection against DDoS attacks, as these, the panel said, are likely to grow. Blocking them could become just another cost of doing business.