It's getting late in the year, and it's about time to start looking forward to 2011. While we can speculate about a great many topics, few trends are going to be as important to anticipate as those related to security. We asked an expert in the field about some of the things he is anticipating. WebProNews interviewed Paul Wood, MessageLabs Intelligence Sr. Analyst at Symantec Hosted Services about what businesses and consumers can expect to deal with in order to stay secure over the next year.
Mobile Phones and Tablets
First off, we asked what implications all of the new mobile devices and tablets coming out have on security in the coming year. "Three trends emerge," Wood tells us. "Increased mobile device processing power will mean more opportunity for malware to run on these devices. As their numbers and use increase, they become a viable target for attackers. Many brands of mobile devices will share the same chipsets and threats targeting vulnerabilities in some chipsets will emerge in 2011."
"Increased convergence from a technology perspective means that more people than before are using mobile devices to access their email and social networking circles," he continues. "From a corporate perspective, business users will be accessing business data and services whilst on the move – often outside the boundaries of the physical corporate network – so applying the same rules to enforce acceptable usage policies, for example – will become more important."
"Security protection will be required to work seamlessly across many platforms as users switch between devices and laptops used to store and transmit information online," he adds. "Businesses will look to the cloud to secure their information longer-term, irrespective of how the data is accessed. There will also be a drive for stronger cloud-based authentication and for the cloud to remove malicious threats before they reach the network or device."
Social Media Threats
When asked whether social networks like Facebook and Twitter will start becoming bigger security problems or less of an issue in the next year, Wood says, "Social networking will continue to be a persuasive force and will continue to be exploited as a means of running confidence tricks – social engineering attacks - and for distributing malware. The level of risk will remain unchanged from this year, but the level of sophistication involved may increase. This may manifest as phishing attacks to compromise legitimate accounts and third-party apps may be likely to continue to be a source of malware and attacks against privacy. We expect to see more fraud targeting virtual online currencies."
As you're probably aware, location sharing is becoming more common thanks to capabilities in mobile phones as well as the market saturation of check-in apps. We asked Wood if threats based on the sharing of location are going to become a bigger problem. "Probably not, it’s difficult to see how to monetize attacks over the internet using location sharing," he says. "One attack that may be predicted is for malware faking location information in order to boost ranking or prominence of the spoofed location. This type of information will be of value in the reconnaissance stage prior to a targeted attack, or perhaps prior to burgling someone's house - the robber can know the owner is elsewhere."
You may recall a site/Twitter account called PleaseRobMe, dedicated to illustrating that very point.
As far as changes over the next year with regards to email spam, Wood says, "It's going to remain in excess of 90% of all email for most of 2011. Botnets will continue to be a major threat and a major source of spam – currently 90% of spam is sent from botnets."
"Spam will increasingly use URL shortening links as these are legitimate domains – we may even find a legitimate shortening domain being compromised or spammers establishing their own such services, using disposable domain names and chaining them together," he predicts. "Spam will increasingly make use of the news and current affairs by consuming RSS feeds from major news aggregators and using these headlines as subjects in the messages. More spam will be sent from new economic areas, particularly East Africa as increased broadband capacity is deployed in the region."
The One Thing Businesses Should Do
Finally, we asked Wood if he could name one thing as the single most important step businesses should take to protect their data, what would it be?
"Know what it is that you’re trying to protect," he answers. "Too many businesses look for magic bullets that will make security go away. The reality is that security is achieved by knowing what it is that you are trying to protect - know your assets, who has access to these assets and under what circumstances, and what are the attacks directed against the assets. By considering these issues, businesses can build coherent defences that protect their systems yet also allow employees to get on with their work."
Symantec's Kevin Haley has some more interesting predictions for 2011 in a new report here.