2015 to see increased IoT risks, wider security skills gap

As Internet of Things gain more traction this year, such devices are expected to attract the attention of cybercriminals who will also return to social engineering tactics to launch attacks, predicts Sophos.

With Internet of Things (IoT) gaining more traction, such devices are expected to gain more attention from malicious hackers this year who will also be resorting back to social engineering tactics.

In its predictions for 2015 released Tuesday, IT security vendor Sophos said the new year will see cybersecurity continue to generate much interest following several significant data breaches in 2014, during which the likes of Sony and Home Depot were among the victims.

Sophos also noted that with Microsoft committing more efforts in exploit mitigations for Windows--the key target of hacker--it has become more difficult to write attack codes for the operating system. As such, some hackers are returning to social engineering to launch attacks while others divert their attention to non-Microsoft platforms.

Cybercriminals also will look to IoT devices as potential targets and this could lead to serious consequences since manufacturers in this space are failing to adopt basic security standards. Sophos further urged the need to resolve this gap.

It added that more holes can be found in software where major coding flaws have gone unnoticed for the past 15 years. "From Heartbleed to Shellshock, it became evident that there are significant pieces of insecure code used in a large number of our computer systems today. The events of 2014 have boosted the cybercriminals' interest in typically less-considered software and systems, so businesses should be preparing a response strategy," it said.

This is further exacerbated by the lack of security skillsets and qualified IT security professionals, with the void expected to widen through to 2030. Governments are realizing the need to fill the gap and focusing on incident response and education, Sophos said.

The security vendor also noted that more organizations are deploying data encryption amid increasing awareness of security and privacy concerns, in particular, following revelations of cyberspying by intelligence agencies. The move toward more encryption, however, has led to much displeasure among organizations such as law enforcement and intelligence bodies, which argue that this will have a negative impact on public safety.