Ten 2010 IT Security Predictions, Part 2: Schmidt and ICSA Labs
Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board, and the folks from ICSA Labs, a vendor-neutral testing and certification lab, offer 10 predictions for security in 2009. (Second of 2 parts).
By Bill Brenner, Senior Editor
2. Network Attached Peripheral Security (NAPS) Threats Grow
With more network-attached devices than ever before, there are even more opportunities to cause harm. This year's uncertain economy spurred an unprecedented number of layoffs, and the risk of disgruntled employees stealing confidential company information is greater than ever. Using unsecured printers and network-connected security cameras that can be manipulated, employees are able to cover their tracks when accessing restricted areas.
3. Social Networking Threats Skyrocket
As more and more businesses turn to social networking sites to extend their customer reach and build brand awareness, sensitive data becomes even more available and vulnerable. This past year, the KoobFace worm spread like wildfire through several social networks including Facebook, MySpace, Friendster and Twitter. In October, a massive bot-based attack, Bredolab, affected three-quarters of a million Facebook users by sending fake password reset messages. Vendors and purveyors of social media sites need to take a more active role in educating their users about threats like Bredolab in 2010.
4. Windows 7 Flaws Revealed
The widespread adoption of the Windows operating system naturally makes it a key target for malicious threats like viruses, bots and worms. In fact, just last week on December 8th, Microsoft issued patches for three critical bugs found in Internet Explorer 8.
5. Spam, Phishing Go Mobile
While spam comes from all over the globe, more and more of it will originate in Asia during 2010, based on our weekly anti-spam product test reports.
6. Free AV and the Rise of Scareware
While free anti-virus products are great for reducing the growing number of malware threats out there, users need to be cautious about rogue anti-malware products -- otherwise known as "scareware" -- that organized crime rings will use to take advantage of end-users and disable their computers. Scareware reared its ugly head this year through fake advertisements (malvertising) for antivirus on The New York Times website.
