Aside from the festivities of the holidays, one thing that always makes December special is the combination of reflecting on the year gone by, and looking ahead to what the next year might hold. It is filled with top 10 lists and predictions on every imaginable topic.
In that spirit, I decided that it’s a good time for me to contribute to the annual onslaught of prognostications with a look at what 2011 holds in store for security–with a little help from some outside sources.
2010 saw the Stuxnet worm–apparently developed specifically with the goal of compromising Iranian nuclear reactor functionality, and the attack launched against Google (and a number of other companies)–seemingly orchestrated by the government of China if the WikiLeaks documents are accurate. Malware attacks are now a tool for both corporate and state-sponsored espionage, giving IT admins one more thing to worry about.
Attackers have a new way to exploit current events, though, and that trend will continue in 2011. Malware developers have figured out how to game search engines to get malicious links featured prominently in search results. MessageLabs suggests that in 2011, “Rather than just promoting compromised websites through search engine optimization they will proactively identify websites likely to see higher than normal levels of traffic based on current events or hot topics on the internet.”
Now, the Web is not only commonly used as the Web, but increasingly it is becoming the everything. Web-based e-mail and productivity applications, and cloud storage are part of the mainstream now, making the Web an even more attractive target.
A spokesperson from Palo Alto Networks describes how current trends increase the security concern. “Consolidation of various messaging platforms (chat, social media, email) into Web services (Gmail, Facebook, Yahoo Mail, etc.) will increase–making it an attractive target for hackers who want to break into the corporate network.”
Palo Alto Networks explains, “Hackers will prefer to break-in through the back door or side window instead of a full frontal attack on the front door of Facebook and other social media sites.”
That is true for PCs and mobile devices as well. IT admins will still have to monitor and protect the primary platforms–be it Windows, Facebook, an Android smart phone, etc.–but will also have to scramble to ensure that the various networks and applications those platforms are connected to don’t leave a window open for attackers.
Laptops–whether notebooks or netbooks–are becoming the norm and replacing desktops as the standard issue hardware in many organizations. Combined with the explosion of smart phones and tablets, users are now connecting to e-mail, files, and other network resources from virtually anywhere.
While setting up office from a neighborhood coffee shop or hotel lobby while on the go is obviously convenient, it is a security nightmare. Public wireless networks are prone to snooping, and just accessing sensitive information in a public area can unwittingly expose it.
IT admins can guard against those threats by requiring a secure VPN connection to connect with company resources, and by implementing policies preventing users from conducting work in public areas. However, dealing with the sensitive data stored on the mobile devices is a more difficult issue.
The same small size and portability that makes mobile computing devices like netbooks, tablets, and smart phones so convenient also makes them easily lost or stolen. These devices commonly have gigabytes upon gigabytes of storage capacity, and may hold sensitive data. Attackers know this, and mobile devices will be a common target for theft–both casual theft for the value of the device itself, as well as more targeted attacks aimed at mobile devices of executive managers or key personnel.
There you have it. What are your predictions for 2011? Feel free to share your thoughts on what 2011 holds in store for security in the comments. Let’s meet back here in December of 2011 and see how accurate our predictions were.