Predicting the distant future of IT security is tricky, but the near future – the next 12 to 18 months – is a little easier. After all, the seeds of what is to come were planted in the recent past. Traditional security threats posed by hackers, viruses and worms over the past 10-plus years are still a concern, and have been joined by newer, emerging threats from the proliferation of Web 2.0 apps, mobile computing and custom attacks.
These threats are dramatically increasing security complexity. But they’re not the only issues concerning businesses. There’s also the simple mistake, or moment of carelessness by a trusted employee when handling data, which can have far-reaching consequences unless the risks are mitigated.
So what specific threats should organizations be preparing for during the coming year? And what are the implications for business IT security infrastructures? Based on our research and feedback from customers, here are Check Point’s thoughts and projections for 2011 and into 2012.
Be Web 2.0 wary
While malware, phishing attacks, Trojans and key-loggers continued to proliferate on Internet applications, the emergence of more rich-media capabilities in Web 2.0 apps and mobile devices will increase the number of drive-by-downloads and sophisticated, blended attacks.
For example, embedded videos and links in social networking pages are becoming popular spots for hackers to embed malware. The more employees that use rich media and Web 2.0 applications in an organisation, the greater the chance of unwittingly exposing the company to an attack – unless the right protection is in place.
Fitting new Windows
According to the Check Point survey mentioned earlier, 7% of organizations have already made the leap to Windows 7 and another 54% plan to migrate in the next two years. In addition, organizations are using an average of nine different vendors to secure their organization’s infrastructure from the network to the endpoint, creating difficulties in security management, loss in productivity and potential security holes in between the individual products.
Businesses may find that Windows 7 migration is a good time to look at the number of security vendors’ solutions they are using and decide to consolidate endpoint security solutions. Because Windows 7 presents a clean slate for the OS, it can be a clean slate for security as well.
Virtualization security becomes real
Businesses are starting to leverage virtualization technologies as an additional layer of security defense, supplementing traditional security solutions. Examples include browser and session virtualization that segregates and secures corporate data from the Internet – allowing users the freedom to surf with full protection against drive-by-downloads, phishing attempts and malware.
Taking it with you: mobile working and consumerization
Mobile computing is no longer a trend but a way of life for most businesses. 54% of the organizations we surveyed anticipated that their remote users will increase in numbers in 2011. In part, this is driven by employees demanding remote access to business applications, data and resources – connecting from both corporate and personally-owned devices.
The majority of organizations surveyed were also concerned that growth in remote users will result in exposure to sensitive data – with security threats including unauthorized network access and user management complexity.
In 2011, attackers will identify new ways to obtain data from mobile devices, encouraging enterprises to adopt new solutions that give employees secure mobile access to the corporate network, and that work across a range of mobile devices running on Apple, Android, Symbian and Windows PC platforms.
Fixing leaks and losses
As seen by the leak of hundreds of thousands of sensitive US documents to WikiLeaks, enterprises need to do more to protect their sensitive data, both from external and internal parties. This incident is yet another reminder to businesses that a layered and holistic approach to security is important in order to move data loss from detection to prevention.
In 2011, it’s likely that businesses will explore methods of protecting data across multiple layers, including data-at-rest, data-in-motion, and data-in-use.
Document security adds a fourth layer of protection throughout the data lifecycle. Document security can provide IT administrators (or end-users) granular control over who can view, open, send or even print confidential information – in order to prevent the misuse, modification, loss or theft of sensitive information. It’s likely that businesses will look to flexible solutions that enable tailoring of security infrastructures to their exact needs.
In summary, trying to make firm predictions about the future is risky. But it’s riskier still to do nothing about the ever-changing threat landscape presented by malicious parties, or trusted employees that make a simple mistake. The one prediction a company can’t afford to make is that a security breach will never happen to them.