You’ve probably read dozens of 2010 security ‘predictions’ from vendors, analysts and security staffers alike. I, too, have a view of what security challenges will require the greatest attention in 2010.
Not surprisingly, I see security in 2010 much the same as others. You’d have to be living under a security rock to not predict Cloud, Web 2.0/social networks, mobile devices and cyber crime as things to be wary of in 2010.
But I have a couple of alternate views as to why some of these threats will be more prevalent in 2010. For example: Yes – cyber criminals will exploit platforms like social networks and cloud, but they also will look for easier ways to steal sensitive information.
Rather than write variants of malware, they will hire ‘moles’ to pinpoint weaknesses and use employees (or former employees) willing to siphon data for a profit. This all is part of stealing information in a more stealth fashion. Long gone are the days of hacking for a reputation.
This new attack vector is part of why Data Leak Prevention technology will become more identity-centric and will grow in 2010. As companies gain a better understanding of the capabilities of DLP and IAM, they will leverage the combination to improve information security while maintaining productivity.
For good measure, here are my hot areas of security in 2010 are below. I’d love to hear your comments in the area below:
- ‘Quiet’ cyber attacks – In the past, these attacks were often ‘loud’ in an attempt to gain attention; more and more they are becoming ‘invisible,’ with cyber criminals working hard to remain under the radar.
- Internal threats – While employees misusing data and making mistakes is a constant threat, the internal threat has morphed to having more intentional motives as a result of the poor economic conditions.
- Attacks on mobile devices – Up until now, there have not been many successful attacks against mobile devices. However, with the new and innovative ways of using these platforms (e.g. games that collect information) and more open interfaces, criminals will be looking for ways use that information to make money.
- Security in the cloud – Companies will continue to do more with less, which will drive adoption of cloud-based models. Ultimately, the responsibility for the security of data in the cloud is that of the organisation collecting the information. This will drive more specific customer/vendor agreements.
- DLP and its relationship to IAM – With a ‘predicted’ increase in threats coming from inside an organisation, companies will need to look for new ways to improve the way it controls and protects data – while still allowing flexibility for employees to do their job. Consequently, DLP will become more about ‘identity centric’ and integrate with identity and access management technology so IAM becomes more ‘content aware.’