Written by Dave Stelzl CISSP

Security issues in 2010 – what should we expect?

Who knows?  Predicting technology trends is like trying to figure out the economy…however SC magazine tends to publish some of the better commentary on these types of things since it is their only focus.  Here’s what they say (Summarized into one short blog entry):

  • Social networking threats: This is the big target – everyone is using some type of social networking platform, so why not take advantage of it – with automation and anonymity, this is the easy target. Since employers can’t really stop this from happening, it’s up to the solution providers to find ways of detecting data leakage and malware that come through the wide open door of social networking.
  • Windows 7: Can you believe the Vista mess is behind us?  Make sure you capitalize on upgrading old platforms and removing any Vista that did get rolled out.  I have to laugh at those who said, “I think it’s stable now”. But Windows 7 is not the end of security threats – expect malware to proliferate on this platform as it has on older Windows workstations.
  • New platforms: Mobile devices are another big target – especially apps for phones from Apple and Google.  People are doing more on their phone and the crooks know it.  New products from anti-malware companies will help, but your expertise will be needed.  Start now by educating your clients on the need to adopt new technology with security in mind. The phone is just a small workstation at this point – remember pay phones!
  • Apple: Quote from SC Magazine, “I’ll believe that the Mac OS has become a viable target when the PR folks in Cupertino start returning my phone calls. Next…”.  I know Kaspersky is on top of this…By the way, I am really enjoying my MacBook Pro.
  • Peer-to-peer malware/data leakage: Nothing new here.  I think the real danger is for those who take work home – is there something your team can do to expand services to home systems used for work?  It’s definitely a hole in the security programs of your clients.
  • HTML5/IPV6: Too early – might be an issue next year.

Looking at technology, I believe we need more user awareness training, better policy management and enforcement, and a migration to more efficient/automated detection technology – with a strong response plan.  In my opinion, perimeter security is over, so let’s move on.  It’s a great time to build up managed service business with a security spin.  If you don’t have one, consider OEM opportunities – Many choices are available at this point.

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s