AdNovum Security Update 2015: Attacks are Getting More Complex

At the media event «Security Update» on March 31, 2015, AdNovum presented its view on current trends in IT security. Attacks are increasingly sophisticated and complex and, therefore, more difficult to identify.

In 2015, AdNovum again illustrates its view of the current risk situation in information security as a security hype cycle. New topics and changes compared to the last edition are marked in red.

AdNovum’s Information Security Hype Cycle as of March 2015

Currently, the focus is not on new types of threats, but on enhanced versions of existing ones. In social engineering attacks, for example, the analysis and the subsequent targeting are visibly becoming more professional.

Perimeter security and cloud security measures are no longer sufficient. Increasingly, endpoint security is in demand again. It is also advisable to keep an eye on the hardware, as it may serve as a target platform for firmware attacks.

The impairment of products and standards continues to be a key issue. If these impairments affect widely used products and standards and remain undetected for a long time, they may be disastrous in terms of information security. A good example of this is Heartbleed. Therefore, it is advisable to reduce products' functionality as far as possible and thereby avoid integrating potential vulnerabilities through unnecessary modules. It is also recommended not to activate sensitive or rarely used modules by default (secure defaults). System providers using security-relevant products and standards should have several complementary security layers, including controls, in place. This allows them to reduce the potential effects of such impairments (defense in depth).

As a general rule, attacks are becoming more complex and more difficult to identify. For this reason, misuse detection by means of user behavior analytics and adaptive security measures are gaining in importance.