Borderless security with BYOD and the invasion of social media are among the trends to watch out for.
1. Big Malnets Will Continue to Drive Majority of Attacks: Expect as much as two-thirds of all malware attacks in 2012 to come from known malnets (malware networks) such as Shnakule. These networks are set up to launch attacks on unsuspecting users, and their infrastructure is spread throughout the Internet, remaining in place long after any one attack has been launched. They also allow cyber criminals to easily launch new attacks based on topics in the news, such as the Olympics. Expect to see a shift in the security landscape towards blocking the delivery mechanisms of malnets rather than individual attacks.
2. Search Engines Continue to Lead the Pack of Malware Attack Vectors: Search engines are not only the most popular category of content on the Internet but also the leading entry point into malnets. In fact, users enter malnets through poisoned search engine results more than 40 percent of the time. Leveraging the large audience, cyber criminals create poisoned search results based on news events as bait for attacks. Expect search engines to actively work to decrease their role as the leading entry point into malnets by better policing results.
3. APTs Get Personal: Attacks like Aurora raised awareness of advanced persistent threats and spurred corporate security to better protect against these low-profile, highly targeted attacks, making it more difficult to exploit corporate connections and accounts. Expect cyber criminals to respond by targeting personal e-mails and Facebook accounts of executives and their spouses to find entry points for stealing sensitive or confidential data.
4. Security Goes Borderless: As companies roll out bring your own device (BYOD) and iPad initiatives, IT departments will face greater risk of compliance failures and data leaks. Users are now always on, and IT managers will struggle to protect them in a consistent manner as they move from headquarters to the branch office to remote locations to their mobile devices. Expect the need to secure employees across all devices anywhere in the world to drive adoption of cloud-based security solutions.
5. Attacks Target Secure Web Connections: While more Web traffic is being sent over secure connections, certificate authorities have proven to be hackable, allowing cyber criminals to effectively pick the SSL lock. To confront this new threat, businesses will need to be able to effectively scan SSL without compromising network performance. Also expect browsers to find new ways to indicate trusted secure connections because the padlock and green bar will no longer inspire confidence.
6. Social Media Invades Traditional Applications: As businesses continue to realise the value of social media, traditional applications are taking notice and incorporating collaboration features. These features - like Chatter in Salesforce.com - bring social media into traditionally locked-down applications, along with its collaborative nature but also its risks of data loss, lost employee productivity and malware. This merging of social media with traditional applications will complicate how companies set and enforce policies and create new requirements for more granular control. These application controls will be centred around two primary objectives: mitigating malware by blocking downloads and preventing data loss by managing uploads.
Jonathan Andresen is technology evangelist, APAC, Blue Coat Systems.