Top Security Prediction for 2013: Check Point

The door has closed on 2012, and it's time to look ahead to next year. As you round out your 2013 business and IT plans, cybercriminals are resolving to implement increasingly sophisticated threats targeting specific computer systems and organizations big and small.

In the past year, businesses have seen several serious hacks and breaches. As the arms race between attackers and businesses continues to evolve in 2013, IT departments and security professionals will need to stay on top of the changing tactics and approaches used by criminal hackers in order to protect their organizations.

Here's our take on what security threats and trends we expect to see in the coming year:

This begins with focusing on a tried-and-true blackhat tactic in both the physical and digital worlds – social engineering. Before the computer age, this meant sneaking one's way past a company's defenses with the gift of gab as opposed to a cleverly-worded email. Now social engineering has moved onto social networks, including Facebook and LinkedIn.

Being aware of social engineering is important, of course, because it can be the precursor for a sophisticated attack meant to breach the wall of your organization. This year saw a number of high-profile attacks (think: Gauss and Flame) targeting both corporations and governments. These attacks are known as Advanced Persistent Threats (APTs). They are highly sophisticated and carefully constructed. The intention behind APT attacks is to gain access to a network and steal information quietly. They take a low-and-slow approach that often makes them difficult to detect, giving them a high likelihood of success.

But some of the most dangerous attacks come from the inside. These attacks can be the most devastating, due to the amount of damage a privileged user can do and the data they can access. In a study funded by the U.S. Department of Homeland Security, the CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute and the U.S. Secret Service, researchers found malicious insiders within the financial industry typically get away with their fraud for nearly 32 months before being detected. Trust, as they say, is a precious commodity – but too much trust can leave you vulnerable.

For attackers, it is likely as well that there will be more attempts to circumvent the app review and detection mechanisms mobile vendors use to guard their app markets. All this means that the flood of iPhones, Google Android phones and other devices making their way into the workplace are opening up another potential gateway for attackers that needs to be secured. Think about it – your smartphone has a camera. It has a microphone. It can record conversations. Add these features to the ability to access your corporate network, and you have the ideal stepladder to climb the walls we are talking about.