Security trends for 2015 have been released, and it sounds like 2015 is going to be even tougher than 2014; but before we can start preparing to face the new wave of threats, it seems we have some housekeeping to do first. The top passwords of 2014 have just come out, and I’m not gonna lie, it doesn’t look like the world has cracked security just yet. So, let’s see how we can prepare ourselves for the security shapes that 2015 is throwing our way.

Password company SplashData has compiled a list of the top 25 passwords of last year, and it turns out that just because we thought no one used the old ‘123456789’ passwords anymore, they’re still hanging about like the person that no one invited to the party but who came anyway and now refuses to leave (then lets all their aggressive mates in the back door). For example, despite there being a lot of press about how darn easy to crack many passwords are, and how they need to be stronger, the top two (already weak) passwords have been snug in their spots since 2011. The hackers might have caught on to that by now guys. Most of the usual suspects are still knocking about and there are some really, really obvious ones too.

It’s true that having a complicated password might not stop hackers totally, but it can buy time and put them off; so if you’re using any of these, or anything similar, maybe take a quick break and change it now – according to the guys in our security division, getting passwords right is Security 101 (here are some ways to win at passwords).

1. 123456
2. password
3. 12345
4. 12345678
5. qwerty
6. 123456789
7. 1234
8. baseball
9. dragon
10. football
11. 1234567
12. monkey 1
13. letmein
14. abc123
15. 111111
16. mustang
17. access
18. shadow
19. master
20. michael
21. superman
22. 696969
23. 123123
24. batman
25. trustno1

On top of this, Kaspersky Lab research results show that 82% of companies with ten employees or less still don’t believe that they’d be a target for cyber-attacks as they don’t think they have anything worth stealing. From the headlines in the media many seem to draw the conclusion that large companies and governments tend to take the heat, but even small companies can be victims because of their own sensitive data.

Now that we’ve cast a glance over the areas we can learn from over the last year, here are a few trends that the Lookout report has predicted for the year ahead (and it ain’t slowing down any!):

After all the scares of last year, demand for cyber security insurance is going to rocket, and this is a good thing as it’s predicted more large companies will also suffer data breaches. Critical infrastructure attacks will also be more likely – targeting utilities and businesses, which will mostly be either politically motivated or extortion attempts.

Mobile malware will increase as more people own mobile devices (backed up by Deloitte’s smartphone predictions last week) and they become an increasingly attractive target. There’s also a possible increase in zero day attacks (holes that are found and exploited by hackers before the affected organisation itself knows about it) as more people are researching code and finding old flaws.

Plus, if anything, because we’re becoming increasingly aware of security threats, mobile threats will also become more sophisticated. Lookout reckons the wave of even more evolved threats that appeared last year was probably in reaction to mobile operators employing better safeguards and getting generally more security savvy – the good guys upped their game, which forced the bad guys to too. And unfortunately, because threats like ransomware did so well, it suggests that mobile attackers will innovate to keep improving their malware because they found that it’s worth it.

Especially with the rise of BYOD, to protect your biz against mobile threats in the coming year the report recommends:

• Implement mobile threat protection to monitor for and protect against suspicious activity on mobile devices, block identified threats and assess the overall health of mobile ecosystem
• Segment networks for mobile devices to limited mobiles to an isolated network segment with strong controls limiting access to sensitive resources and analytics to detect potentially malicious behaviour
• Educate employees on mobile security best practices to avoid risky behaviour to help limit an organisation’s mobile risk profile

The key message for small companies is to get savvy, and if they don’t have the knowledge in-house, get outside consultancy or expertise, as a breach can be very expensive – both financially and reputationally (if you’re using third parties, check what level of security they have first too). The key to protecting your company is to keep informed of the threats and regularly patch applications, operating systems and ensure you have active defences such as Anti-Virus and firewalls protecting your front door. And whether you’re a company or an individual, if your password is on that list of awfulness above, hang your head in shame. I’m just kidding. But you might wanna think about changing it, pronto!