At the Infosecurity Europe 2006 Press Conference a panel of speakers from MessageLabs, Centennial Software, (ISC)2, Black Spider, Juniper Networks and Insight Consulting debated the most dangerous security threats we can expect in 2006.
Everyone agreed that mobile security issues, viruses and phishing are the top candidates for difficult situations that will cause a headache for security professionals this year.
Internal security threats are coming into the spotlight again, and it’s a layer of security you should take an immediate look at.
The immense challenge that organizations face when combating threats is education. It is the foundation on which the security architecture has to be built.
Home users are still not aware of the dangers, and they don’t know why or how to implement basic security measures. Some of these measures, like a simple firewall, are already built into hardware they have at home.
Companies should think about who they work with and the level of security their partners and distributors have implemented. Some minimum standards should be enforced to ensure the overall degree of security.
The question of where the security profession is going was also raised. Unquestionably, there’s going to be increased awareness of the role of the security professional within the organization. With compliance issues and security audits around the corner, there are going to be more people getting certified. The security industry is becoming more accountable for what’s happening, and compliance is a big part of this situation.
It’s a known fact that employees occasionally engage in surfing activities that are not work-related; the panel agreed computer usage should be monitored in order to be aware of what’s happening on the network. What action the employer (that some may call Big Brother) wants to take after discovering such activities should be governed by the security policy the employee signs when being hired.
Some countries have laws that protect the privacy of a person to such an extent that they prohibit the company from monitoring his computer activity in any way. This leaves the security professional in a tight spot and prevents him from doing his job properly, not to mention that it leaves some network activity completely unmonitored. Should the privacy laws be changed to give the employer more freedom to “snoop”? This is going to remain an open debate.