Thales eSecurity Blog

2015 IT Security Predictions from a EURO perspective

Following on the heels of our own Alan Kessler's CEO-level 2015 predictions blog, what should European organisations in particular expect from the world of cyber security in the next 12 months?

EU Data Protection Regulation finally passes

Well, we'll most likely see the EU Data Protection Regulation finally passing into legislation and, given the scope and scale of breach incidents over the last year, it's probably not a moment too soon. We'll have to wait and see exactly when and how the regulation makes its way onto the legal books, but here's a look at some key cybercrime trends to watch in 2015 that correspond with feedback we've had from our European customers.

<ClickToTweet>: 2015 IT Security Predictions from a EURO perspective @Vormetric Paul Ayers http://bit.ly/1w3LCJQ

Aging Open Source and Core OS Vulnerabilities Continue

From Heartbleed and Shellshock, we know that today's hackers are savvy enough to seek out the vulnerabilities in the code underpinning much of today's business infrastructure. Many tools that underpin our internet infrastructure are based on open source efforts with a long history: Unix in the 70s, 80s and early 90s prepared the way for Linux, while on the proprietary OS side, much of the Windows Server code still has its roots in Windows NT from the 90s. Given this combination of older OS bases not built for the threat environment that we see today and the reality that many open source components are just as vulnerable, we'll continue to see more problems in both areas through 2015.

In addition, preying on older, potentially unpatched operating systems is highly unlikely to go out of fashion. At the end of the day, when software companies stop supporting their software, it also means no more security patches. With the sun setting on Windows 2003 Server in mid-2015, hackers are likely to concentrate efforts on exploits for it.

New ways of working

Cloud adoption is showing no signs of slowing. Indeed, in 2014 we saw some AWS customers saying that they couldn't make their own networks as secure as using Amazon's AWS/S3 offerings. Cloud providers that can deliver flexibility and security as two sides of the same coin will continue to prosper, but in all likelihood we'll see a major cloud or SaaS provider breach that will awaken everyone to the security risks that storing large amounts of critical data in the cloud creates. As such, we're likely to see all serious IaaS providers offering both a baseline and an advanced set of encryption tools with access controls for their enterprise customers.

Financial sector continues under increased attack

Over the past few years the financial sector has been pummelled by both nation state hackers trying to harm enemies' core financial structure, and criminals out to steal money. With expanded tools available to them, expect the tempo to pick up. Only a concentrated focus on reducing attack surfaces, vetting transactions and safeguarding information with technologies like multi-factor identification, least privilege access and threat recognition will help keep financial firms safer. As the complexity of attacks and required defences increases, smaller institutions may find themselves having to bring in outside help, in the form of managed service providers focused on financial services, in order to continue in business.

Is it time to encrypt everything and anything important?

In the past, organisations encrypted only what they were forced to protect by compliance requirements, or did so when they were in an industry area where secrets were important (like government, aerospace and defence).

Echoing Alan’s second prediction, in 2015 we’ll likely see European organisations make much more careful assessments about where inside their porous perimeters they are vulnerable, and put protections in place directly around their data.