Predicting the future in such a rapidly evolving environment is near impossible. One only needs to count the rate at which new malware appears today compared to five years ago to see how quickly the threat has become more serious.
Some things do seem certain however:
- The variety of attacks and their number will continue to escalate, driven by organized crime’s desire to break into computers to steal information, identities and resources.
- Data leakage will become an ever-larger concern, especially with the increasing use of mobile technologies. Many countries have introduced strict disclosure laws, or will soon do so. These laws are aimed at stopping companies from sweeping security breaches under the carpet. Even a very restricted data breach, once disclosed, may affect overall trust in an organization’s products and services.
- Compromised PCs, both at home and at work, will continue to remain the primary source of spam. With many botnets adopting a decentralized, P2P-style of operation, quick wins such as the success of taking down the botnet command-and-control centers hosted by provider McColo will become harder to achieve.
- Web insecurity, notably weakness against automated remote attacks such as SQL injections, will continue to be the primary way of distributing web-borne malware. Cybercriminals can then send innocent-looking spam which link to legitimate, but hacked, webpages. These hacked sites link invisibly to malicious content.
- Malicious emails will include an increasing proportion of attachments or web links to nonprogram (non-EXE) files. These will be legitimatelooking data files, such as Word DOCs and PDFs, that are booby-trapped with exploits against software vulnerabilities. Viewing these files, which would be harmless on a patched computer, could lead to an invisible disaster on an unpatched one.
- Identity theft will continue to adversely affect customer loyalty. In the year ahead, companies must assure their customers that proper and thorough security measures have been taken so that the risk of a breach is minimal.
However, if managed properly, the problem should not be insurmountable. Sound security practices, up-to-date protection and an active commitment to keep informed can all help defend business networks in the year ahead.
The good news is that security software is getting better all the time. Proactive detection of new, unknown malware threats is at an all-time high, and computer users who are sensible and properly defended can dramatically reduce the risks.
Sophos.com
No comments:
Post a Comment