The industry reflects, looks ahead

By Staff, ZDNet Asia
Friday, March 14, 2008 06:39 PM

Patrik Runald, security response manager, F-Secure Security Labs

Patrik Runald,
F-Secure

To overcome increasingly sophisticated security solutions implemented by financial institutions/users, cyber criminals are continuously refining their techniques, especially through social engineering tactics, to improve their rates of success.

Q. What do you remember as the biggest industry news for 2007, and why?
Runald: The biggest industry news for 2007 is the exponential growth in the volume of malicious software. In fact, F-Secure detected a quarter million new malware in 2007, and this figure is almost equivalent to that of the previous 20 years combined. This massive increase in volume can be attributed towards variants of existing malware and techniques that were refined and adapted for greater effectiveness by malware authors.

A good example of this is the evolution of botnets, especially the "Storm" worm which is the largest-ever P2P (peer-to-peer) botnet that mankind has ever seen. With starter kits and technical support becoming widely accessible today, it is becoming increasingly easy for cyber criminals to create or modify these botnets, greatly encouraging the proliferation of such malware.

Name three hot technologies to watch in 2008.
In the security space, we foresee three upcoming security threats in 2008. First is the new techniques applied in banking Trojans such as "man-in-the-browser" attacks.

The second is Trojan password-stealers, specifically those that target popular online games.

The third is enhanced social engineering tactics used to launch bulk targeted attacks via spam with the increased availability and accessibility of personal information posted on social networking Web sites.

Motivated by financial incentives, cyber criminals are constantly looking out for ways to steal personal and banking data of Web users. To overcome increasingly sophisticated security solutions implemented by financial institutions/users, cyber criminals are continuously refining their techniques, especially through social engineering tactics, to improve their rates of success.

Moving ahead in 2008

1.	Socializing goes big in 2008
2.	The urge to merge in 2008
3.	New chips on the block
4.	Web threats dominate security landscape
5.	Battle for the mobile platform space in 2008
6.	The industry reflects, looks ahead

Looking back on 2007

1.	Looking back at 2007 with envy
2.	Predictions that went right and wrong
3.	2007's movers and shakers

Name up to three security trends that IT heads should look out for in 2008.
The first is database breaches. There are massive amounts of personal data vulnerable to theft stored in databases worldwide and reports of database breaches and data losses are becoming routine. Examples of these incidents include TJX Companies exposing credit card numbers and transaction details and HM Revenue & Customs (HMRC) losing 25 million names, addresses and national insurance numbers.

Cyber criminals often make use of this stolen information to commit ID theft or mass targeted attacks and mass spear phishing. By making use of this information to enhance their social engineering tactics, users often lower their guard and expose themselves to phishing, backdoors and Trojans and compromising their organizations' security systems.

The second is Web exploits. As "spray and pray" spam waves decrease in effectiveness, there is an increase in Web based security threats. This is further fueled by the increasing availability of ready-made kits for vulnerabilities that target Windows, Internet Explorer, QuickTime, Real Player and WinZip.

The third is mobile security. Increasingly, employees are making use of mobile devices such as smartphones to work while traveling. More often than not, these devices are not equipped with adequate security solutions against malware such as spy tools. This, in turn, gives rise to the possibility of information and data leaks.

The biggest challenge facing IT departments is...
... Ensuring that the organizations' systems are secure against the growing volume and complexity of threats while promoting business productivity. In this aspect, organizations can explore investing in a comprehensive integrated security solution or adopting Security as a Service where security solutions are provided for by their local Internet Service Providers (ISPs).

This will enable end-users and organizations, especially SMBs, to be able to focus on improving business productivity and effectiveness without having to worry about security-related issues.

Datacraft

Google

0

0 votes

Save to My Library

Talkback 0 comments

There are currently no comments for this post.

Reply to story

Featured Whitepapers

Tech Jobs Now!

TechGuides

Specials
News and Interviews
Whiteboard

UOB banks on economic downturn
Singapore bank's IT chief Susan Hwee explains how financial crisis offers new opportunities to reengineer
Play video
Domino's Pizza keeps customers eating
CEO Don Meij discusses strategy to grow customer base
Play video

Amazon CTO: Cloud's advantage
Werner Vogels' discusses business benefits of cloud
Play video
Salesforce CEO chatters about new social media platform
Facebook-type app hits the enterprise
Play video

Cost Effective, Secure and HA Server Infrastructure for SMBs
Alan Wan from Dell illustrates how small and medium businesses can build a high availability IT infrastructure without requiring heavy investments on skills and resources.
Play video
Enterprise 2.0
Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
Play video