Top 9 IT security threats for 2009
2009 will continue the trend of increasing size, scope, and concentration of security attacks on computer networks nationwide. The volume of attacks from international sources will continue to increase, as will the sophistication of application-level attacks such as SQL injection, buffer overflow, and cross-site scripting (XSS). These will be directed towards high-traffic websites (news sites or social networking sites) that, when compromised, will install malware on the machines of large numbers of users.
The top nine threats and their corresponding solutions/New Year’s Resolutions are listed below in descending order of severity. Each threat is ranked by status as a Rising, Steady or Weakening Threat.
Threat #1 Malicious Insiders (Rising Threat): Employees with malicious intent have always been the biggest threat to their organizations.
Threat #2 Malware (Steady Threat): Malicious software can include viruses, worms, Trojan horse programs, etc., but most important are websites that host malware, which have become the most prolific distribution method.
Threat #3 Exploited Vulnerabilities (Weakening Threat): Hackers find a weakness in a commonly used system or software product and exploit it for their gain.
Threat #4 Social Engineering (Rising Threat): With hacking you are compromising a computer, but with social engineering you compromise a human by tricking him/her into supplying personal information and passwords. Any method of communication will be used to perpetrate this fraud including telephones, mobile phones, text messaging, instant messaging, impersonation of support/vendor staff and social networking sites.
Threat #5 Careless Employees (Rising Threat): Mistakes made by careless or untrained employees can lead to a significant security compromise. A poor economic climate puts strain on employees, causing them to cut corners or cut important duties. It can also lead to less formal employee training.
Threat #6 Reduced Budgets (Rising Threat): A weak economy leads companies to tighten their budgets, which results in less headcount and less money for upgrades and new systems.
Threat #7 Remote Workers & Road Warriors (Steady Threat): Telecommuting and mobile workers are on the upswing.
Threat #8 Unstable 3rd Party Providers (Rising Threat): While there is an increase in IT security expenses required to keep up with the growing threatscape and regulatory environment, there is a decrease in revenues in the market. This may lead many providers to go out of business or cut corners that could lead to a security compromise.
Threat #9 Downloaded Software Including Open Source and P2P files (Steady Threat): IT administrators may download and install open source software or freeware in an attempt to save money, which can lead to a huge waste of time in software configuration and fine-tuning, or to a data breach.
Kevin Prince, Chief Architect, Perimeter eSecurity said:
For the past several years I have listed what I believe are the top threats but this year the list is different. This is largely due to the current economic, political and legislative environment in the US as well as the type and volume of information that is now available on the Internet. It doesn’t have to be all doom and gloom, however. By identifying these threats we can limit our exposure to them. As always, with data security, it isn’t so much about having more as it is about having the right stuff.