So the Mayans were wrong and we have survived to see the New Year. And, although the Mayans were quite advanced, they never mentioned an apocalypse via SQL injection or hacking. Unfortunately, there will be a continuing growth trend in this direction, even if it's not Mayan related.
Since we learn well from others, we at GreenSQL have carved our own wheel and offer these security predictions for 2013:
1. Attacks against embedded devices will be more frequent and more professional. Air-conditioning management systems, lighting management systems, printers, gaming consoles, SCADA industrial control systems, and other such systems will be targeted.
2. Database attacks will be more common, but SQL injection attacks will become more transparent to security solutions. People will increasingly recognize that personal information, such as financial, customer, personal, and health records, is the new currency and must be better protected.
3. Mobile devices, such as smartphones, tablets, training devices, smart cameras, and so on, are rapidly becoming the only portals to the Internet. In fact, we believe they will be 80 percent of all devices accessing the Web within three years. This, in turn, means that they will also become the chief targets of browsing-based attacks.
4. The year ahead will bring a host of new attacks and exposed vulnerabilities to go along with all the new cloud services and security products providers will make available. The public will increasingly grow to understand that the cloud is a sophisticated, elastic hosting service, and as such they will be compelled to perform better due diligence to make smarter decisions before using and moving their services to the cloud.
5. Some of the largest financial organizations in the world have learned a hard, ugly lesson in the past year: Professional hackers are determined to pillage your data. And they're willing to invest the necessary resources to make it happen, whether using malware themselves or selling it to the highest bidder. These attacks will become increasingly common, and organizations will begin to realize that most standard anti-virus solutions are insufficient when dealing with flurries of new attempts to compromise their systems.
As tired as this saying is, it still rings true: Defending against cyber-attacks, hacking, SQL injection, and the like is a marathon, not a sprint. Actually, that's not really true either, as marathons have an end, while this won't. Thieves evolve and improve along with the development of new devices, technologies, and even security systems. An old Japanese saying: As iron sharpens iron, so one man sharpens another. Thieves and hackers sharpen us to do our best to stay one step ahead.
DAVID MAMAN is founder and CTO of GreenSQL, a database security company in Tel Aviv, Israel.