Tuesday, January 3, 2012

Where is Security Headed in 2012?


2011 was a very difficult year for IT Security.  It seems as though everyone is now taking security very seriously and are now trying to make up for it.  Hackers have definitely gained the advantage and those in security are slowing losing ground.  The reasons for this are many, some are business, some are technology and some are the fact that a lot of companies are just now looking at security.  There is plenty of blame to go around; however hackers may be winning the battle now but are far from winning the war.   None of this was more real to me than after attending Hacker Halted 2011.  

After being exposed to so many new attack methodologies and threats in this cyber war, I came to the opinion that it is still in the reality that we can combat these new threats.   The realization from those on the front line, the trenches of IT security, is still upbeat and hopeful.  Most believe it will take a concerted effort by everyone to gain the upper hand because this is not a war that is won or lost but fought to gain or maintain the upper hand.
 
So what are the challenges for 2012?  This time of year everyone has put out a list of what to look for in the coming year.  I thought I might give a few thoughts on what I think are the main challenges going forward are for 2012.  You’ll see some are challenges we have had for a few years and some are new.
 
1.    Mobile technology threats
Smart phones are around 30% of the phone market.  Users use their phones from getting the latest sports news to paying bills.  The ability now for users to have portable technology almost like a computer, more than doubles the vulnerabilities on a network.  The number will increase over the year because smart phones are just about all that being introduced to the market.  The tablet market is growing by leaps and bounds.  Phones and tablets portability and complexity provide new challenges for securing data.  This is the new frontier of hacking victims.   
 
2.    Small businesses (SMBs) will enter the crosshairs of cyber attacks
SMB’s are the new large victims of hackers.   These types of businesses are the last ones to really start understanding security and its impact.  No more can they just focus on revenue.  What happens when you have no way in making revenue because of a security breach?  SMB’s are the most susceptible to a cyber-attack because of the lack of attention to security.  Although SMB’s are behind, they will be catching up in the coming year.
 
3.    Social media will increase in popularity as a conduit for social engineering attacks
Social media will continue to increase in popularity as the most effective way for social engineering attacks. Social media is fast being adopted by small and large businesses.  Companies can expect to see more social media profiles used as a way for social engineering tactics.  Hackers will use clever tactics to trick end-users into disclosing sensitive and private information and to downloading malware.  Facebook with its 850 million users are prime targets for data breaches.
 
4.    Companies will continue to overlook key vulnerabilities, hoping and waiting for governmental compliance to drive security. 
Governmental regulations remain the yardstick by which most company’s judge and conduct security.  Using a checklist that is developed for security initiatives is dangerous because a number of security regulations overlook basic IT security controls. Sure these regulations address the need for encryption or the development of an incident response plan but few require a wide range of best-practice controls such as up-to-date anti-virus software. More breaches occur as a result of security gaps.
 
5.    Cloud computing services, a storm is coming.
Cloud services continue to gain in popularity, so too will related security breaches will also flourish. Companies are smartly embracing the cloud for the associated cost savings and ease of use. These types of services have been around for years, it has only been in the last couple of years due to increased and stable bandwidth that companies are looking at cloud services.  Unfortunately, current reports indicate that companies are underestimating the importance of security due diligence when it comes to using these cloud providers.   

This is only a few of the security challenges we face in the future.  2012 will see more vulnerabilities, threats and exploits than in any time in the history of security.

- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE LinkIn with Tom

Bookmark and Share

No comments:

Post a Comment