Articles Information Security Security Issues That May Emerge In 2009!
Friday, 16 January 2009 00:00
Security is going to be a crucial issue in 2009, notwithstanding all the advances in firewalls and anti-virus software. Here’s a look at some of the trends that we are likely to see in the coming year…
The Indian IT security market in 2006-2007 was totaled at nearly Rs. 210 Crore (US$ 46.8 Million), and by 2010 end, it is forecasted to surge to Rs. 1,958 Crore (US$ 464.4 Million) on account of increasing demand from business sector and continuous IT development in infrastructure.
The cat and mouse game between IT professionals and hackers is set to continue through 2009, with the former blocking security gaps and the latter attempting to discover or create new ones. While we can be sure of software solutions and virus alarms by the dozen, some of the trends that we expect to stand out in 2009 are as follows:
|
Storage media encryption Unencrypted confidential data in storage media is subject to theft or loss, which can be used or sold by the attackers. Early this year, a laptop belonging to a New Jersey-based health insurance company was stolen by a health insurer. It contained personal information including the SSNs (social security numbers) for its 3,00,000 members. Companies are getting serious about situations where sensitive information is stolen on media like CDs, DVDs, back-up tape drives, laptops, etc, and will implement encryption technologies and fraud-detection software. After securing network boundaries, we will witness a rapid shift in the attention of business managers towards securing the information assets of organisations. IP (intellectual property) protection will regain focus with an increased need to protect proprietary information. Increasing mergers and acquisitions will also raise the need for IP protection technologies. With increasing threats to national security, companies will be forced to adopt better physical security technologies and implement strong business continuity planning (BCP) and disaster recovery (DR) procedures. More companies will be following compliance and regulatory rules. Development of applications with Web 2.0 technologies has thrown open firms to new risks. With Web 2.0, there is a lot of content being passed back and forth between the client and server. With a decline in new operating system or service level vulnerabilities, securing the Web applications developed on the latest technologies will stay as the top priority for most organisations. Virtualisation will be the way to save on costs during the current economic slowdown and is also likely to gain momentum as CIOs are planning to rush towards Green IT implementation. Consolidation of servers into a single system makes the network traffic work on the hosts itself, which makes network-based tools useless. Virtualisation security will be seen as a new challenge for the information security professionals. |
|
Mobile security With the increasing usage of mobile applications and with the launch of 3G networks, there will be an increased need for the security of mobile devices and mobile applications. The resurgence of viruses that target portable media has resulted in the US DoD (Department of Defense) and NASA (National Aeronautics and Space Administration) banning USB (universal serial bus) thumb drives to prevent malware entering their networks. Botnets A botnet is a network of compromised computers available over the Internet. Most of the time, owners of these computers are unaware of any compromise. The botnet originator can control the entire botnet under a common command-and-control infrastructure. Botnets are being used to propagate billions of spam e-mails per day, carry DDoS (distributed denial-of-service) attacks, and to host many phishing websites. They are likely to pose a formidable challenge to organisations in the new year. Spam techniques Spam techniques are evolving to evade traditional anti-spam engines and trick users into reading spam messages. Spammers are also increasing the vectors that spam is taking, like voice spam, social networking sites, etc. Again, overcoming them is going to be quite a task for organisations. Users will have to be more vigilant than ever. SaaS security offerings Security services are unaffordable to SMBs, which opens the door for productised security services on a software-as-a-service (SaaS) model. The remarkable success of companies like salesforce.com and zoho.com has highlighted the potential for SaaS players in this security domain. Client-side browser-based attacks Malicious iframe links are being inserted into websites, which launch a number of exploits on the client’s computer, while being invisible to the user. Users thus get compromised by just visiting an infected website. The Times of India website had a similar infection last year. The increasing interest of people in social and professional networking sites makes it much easier for the writers of such programs to find victims. The Symantec ISTR 13 noted that over 58 per cent of vulnerabilities reported in the second half of 2007 affected Web applications. The browser and its components are definitely the new targets for those launching widespread attacks—a trend that will continue in 2009.
|
This article was also published in I.T. Magazine
| < Prev |
|---|
