|Heading for 360-degree security|
Monday, 14 December 2009 02:00
Next year, security trends will reflect the increasing interconnectedness of systems.
While security has traditionally focused on putting up a perimeter fence to keep threats out, it has now evolved to monitoring activity and identifying patterns in multiple networks, says Gartner in its top 10 strategic technologies outlook for 2010.
“Information security professionals face the challenge of detecting malicious activity in a constant stream of discrete events that are usually associated with an authorised user and are generated from multiple network, system and application sources,” says the firm.
David Cearley, Gartner VP and distinguished analyst, notes: “Rather than just keeping the bad guys out, it`s a question of `how can I monitor all activities and look for patterns of bad activity generated by internal users?`”
According to Brett Myroff, CEO of Sophos SA, the 2009 online threat landscape saw a number of developments, some of which will continue in coming months.
These include the Conficker worm, scare and rogue anti-virus attacks, hackers exploiting news events through SEO poisoning attacks, and the first attacks on (jailbroken) iPhones.
“Conficker may not feature as a big problem in 2010, but the other issues are sure to grow as problems,” says Myroff.
He adds that cyber criminals have leapt on opportunities like the deaths of celebrities to automatically generate keyword-stuffed Web sites carrying malware, “ripe to be picked up and ranked highly by search engines”.
“Furthermore, I anticipate that hackers will become more focused on exploiting vulnerabilities in software which often escapes customer updates.” He says Microsoft and Apple have done a good job of automating security patches, but other software such as Java or Adobe Flash and Acrobat Reader are often out of date.
“Separately, as smartphone operating systems become more popular, with the rising adoption of iPhone and Android devices, it would be a brave man who said he did not believe there would be any attempts to exploit those users during the next year.”
Gartner advises that particular attention be paid to the major growth of Web 2.0 sites and their ongoing development. “The most targeted Web 2.0 applications will remain the social networks”.
Myroff also expects social network attacks to continue. “We learnt long ago that criminals feed where their victims gather. It`s like zebras drinking at the waterhole – that`s where the guys with the sharp teeth are going to find their lunch.
“As hundreds of millions of people spend more time at online waterholes like Twitter and Facebook, so we will see more and more criminal activity, hitting them with malware, spam, and identity theft.”
In many ways, says Myroff, social networks are providing the new `bots`. “We know that cyber criminals are bent on commandeering poorly protected computers to relay spam, distribute malware and steal identity information. But they are also now recognising the real dollar value of having a large number of social networking accounts under their control.
“From them they can send spam and spread malware with an even higher chance of success, as many users believe a message sent from their `friend` via Facebook or Twitter can be implicitly trusted.
Guarding the cloud
According to Gartner, `360` security will become important as organisations apply security across the cloud, the edges of their networks, and for specific devices. “A 360-degree focus on security requires more than just securing applications or corporate networks,” says the firm. “It`s a continual process that includes doing lots of little things well to protect information from being compromised.”
Myroff says there`s clearly a growing problem of data leaking out of businesses, either accidentally or through the involvement of malicious hackers.
He adds that smart companies are deploying solutions that encrypt their sensitive data or control access of portable devices such as USB drives, which could lead to data loss. “As data loss incidents are often highly damaging, we wouldn`t advise firms to take the gamble of not defending themselves now.”
There has been a catalogue of security breaches involving companies who put their trust in the cloud, and then the cloud lets them down, says Myroff. “I wouldn`t expect this to come to an end in 2010.
“Companies need to make a policy decision about whether they want to trust their sensitive information to an Internet service, and then ensure that the policy is enforced throughout their organisation.”
Add your 2Cents
Newer news items:
Older news items: