Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Small Business

    IT Security Predictions for 2010

    By
    Brian Prince
    -
    November 25, 2009
    Share
    Facebook
    Twitter
    Linkedin

      In the past 12 months, the security industry saw a resurgence of worms, an increase in rogue antivirus software scams and much, much more. But with the sun setting on 2009, security pros are turning their eyes toward the coming year.

      In it, they see a future with a threat landscape not all that much different from the present – but with a few changes in scenery. Here are the top 3 predictions from IBM’s X-Force research team:

      1) Pirated software will drive insecurity in much more dynamic ways than previously realized. Users of pirated software are afraid to download updates, thus are exposed to security risks because their software is entirely unpatched. Also, newer versions of pirated software now come with malware pre-installed. As a result, users of pirated software will become the new “Typhoid Marys” of the global computing community.

      2) Social engineering meets social networks and ups the ante for creative compromises. Criminal organizations are increasingly sophisticated in how they attack different social networking sites. For example, Twitter is being used as a distribution engine for malware. LinkedIn, however, is being used for highly targeted attacks against high-value individuals. We will see these organizations use these sites in creative new ways in 2010 that will accelerate compromises and identity theft, especially as new commercial applications increase the disclosure of valuable personal information on these sites.

      3) Criminals take to the cloud. We have already seen the emergence of “exploits as a service.” In 2010 we will see criminals take to cloud computing to increase their efficiency and effectiveness.

      The services referenced in point three can run the gamut from services to verify malware isn’t detected by security tools to launching large-scale infections of chosen malware, noted Robert Freeman, senior technologist for IBMGlobal Technology Services.

      “The exploitation industry – at least as it relates to criminal organizations – is becoming increasingly service-oriented,” he said. “It is less about zero-day exploit sales and more about providing useful mechanisms at competitive prices for attackers of various sizes.”

      Social networks have increasingly gained ground as an attack vector, though it is not nearly as prevalent as e-mail. Still, worms using social network data can be even more successful, as they can contain personalized messages mentioning a victim’s family, friends and interests based on information from their social networking profiles, said Jon Larimer, malware researcher for IBM X-Force.

      “However, worms that spread through the sites of social network messaging systems will be short-lived, as the site operators have the ability to filter messages and stop worms pretty quickly,” Larimer added. “This means that the most successful worms of this type will use social networking data but will spread through e-mail, which is more decentralized.”

      Over at Sophos, Security Analyst Michael Argast opined that attacks against hosted services will see an upswing as well.

      “I expect that the continued interest in these services, combined with outages, targeted attacks and leaks will keep the balance of internal security vs. hosting data in the cloud to continue to be an area that will vex CISOs in the year to come…they will be under targeted attack, both directly via security vulnerabilities and attempted intrusions and indirectly through credential theft and phishing attacks,” he said.

      Perhaps unsurprisingly, Argast predicted the focus on targeted data theft will rise, but with attackers going through more indirect routes to get data. That includes using social networking sites, he said.

      “The recent rise in consumer privacy data being lost via iPhone apps and Facebook apps is one example, but also examples like criminals signing up for direct access to credit bureaus, and taking advantage of the down market to involve insiders,” he said. “Also, less obvious targets of data theft will be more common – smaller businesses will be under attack…A nasty example of this trend starting this year was the rise in attacks on the higher education market – since these organizations often struggle with IT security due to their open network access policies, but at the same time have hundreds of thousands of student records with confidential data.”

      “I expect next year, a rise in attacks on health care organizations will occur for similar reasons, continued attacks on retailers big and small, tax authorities, school systems – anywhere where lots of records are kept by organizations that haven’t traditionally had best practice security in place,” he added.

      Brian Prince
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×