The security landscape from 2010 to 2011

Vendor-neutral testing and certification firm ICSA Labs offers its thoughts on the security landscape spanning 2010 and 2011.

Mobile security

1. While most hackers heavily focused on Nokia’s mobile phones, mobile malware will increasingly target non-Nokia devices including Apple, Blackberry, Android and Microsoft.

2. Mobile malware, which is currently very localized to Russia where premium SMS is available, will start becoming more prevalent in other regions as well. Additionally, malware will increasingly target mobile devices, such as smart phones, iPads and other tablets, with built-in Wi-Fi. Though some companies are beginning to offer antivirus software for mobile devices, the rate of adoption is nowhere near that of desktop users. Users, who are willing to browse the web with these devices, install different apps with little thought to their origin or security, then connect the devices to their home or office Wi-Fi network, need to think twice!

3. Bots will continue to be an issue even as ISPs and governments increasingly employ mechanisms to stop them.

Cloud security

1. As more users move to the cloud, we believe we will see more attacks directed at cloud-based services. Many companies are concerned about moving their data to the cloud; however, as the cloud becomes mainstream, enterprises need to be prepared. Cloud services will become prime targets for hackers wanting to gain access, not just to a specific company’s data but possibly to multiple victims simultaneously.

2. The good news is that in 2011, you will see more security products and services designed for cloud computing, as well as the adaption of existing products to provide better security services for cloud data.

Next generation firewalls

This emerging market segment will get more clearly defined with the traditional firewall vendors gaining significant foothold. The market will recognize that many of the features that are touted as being essential to a next-gen firewall already exist today in many products.

Smart grid

1. The smart grid initiatives that the government has invested millions of dollars in will finally tackle security in a clear and coherent manner. Utilities will demand that smart grid product vendors demonstrate some form of third-party attestation that these products have met defined security requirements.

Anatomy of attacks in 2011 and beyond

Expect to see more customized, targeted malware like Stuxnet in the coming years. We’ve already seen malware written to exploit specific banking Web sites, and now Stuxnet has demonstrated a new level of sophistication. Although it was speculated that Stuxnet was politically motivated, hacking has become a for-profit crime. We can expect similar sophisticated attacks directed at profitable targets, such as banks and other financial institutions and possibly health care.

Trends in government

1. 2011 will be the year IPv4 address space is exhausted. For this reason, the U.S. government’s Federal Acquisition Regulation (FAR) is requiring IPv6 testing that started in 2009. U.S. CIO Vivek Kundra released a memo requiring IPv6 compliance in a phased approach by fiscal year 2012 and then fiscal year 2014. With deadlines in place, IPv6 will become a priority for technology vendors in 2011, especially those working with government institutions.

2. In 2011, you will see ISPs rollout IPv6 into the homes and onto mobile devices across the U.S.

3. 2011 will see more U.S. government intervention and oversight in the technology arena. Examples include National Institute of Standards and Technology’s USGv6 Testing Program for IPv6 transition, Office of the National Coordinator for Health Information Technology – Authorized Testing and Certification Bodies (ONC-ATCBs) for certification of electronic health record (EHR) technology, and smart grid. The government is funding the development of new technologies through various stimulus bills, and with that funding comes oversight. It appears that the U.S government feels the private sector is either moving too slowly or without enough thought to security, privacy or both, so it is trying to drive various markets forward.

Don't miss