Malicious Threats Heighten Information Security Challenges

MBA (7/18/2008 ) Palaparty, Vijay
Malicious threats, including attacks from organized crime, industrial espionage, mobile malware and Web 2.0 vulnerabilities, will heighten information security challenges over the next few years, according to a report from the Information Security Forum, London.
“Criminal groups see online crime as a lucrative and low risk alternative robbing a bank,” said Andy Jones, senior research consultant at ISF and author of the report, Threat Horizon 2010. “And with the problems with protecting large volumes of information held in organizations electronically, businesses are also under increasing threat from targeted espionage and loss of competitive advantage or intellectual property.”

The report said highly targeted and planned attacks by organized crime groups are gaining popularity, while smaller attacks are declining. The crime groups develop sophisticated “business” models for extorting e-economy and money laundering, the report added. It said identity theft and fraud will also increase as a result of social engineering and technical attacks.

ISF warns that mobile device threats will also escalate because the technology does not have the same anti-virus or security controls that are found in traditional networks and personal computers.

“The mobile internet is still in its relative infancy and it is important that consumers do not lose their confidence in mobile transactions,” Jones said. “Companies will also face new challenges to manage and secure their corporate mobile devices to prevent employees from leaking information, either voluntarily or involuntarily.”

On Tuesday, CA Inc., Islandia, N.Y., released The CA 2008 Security and Privacy Survey, which revealed that internal security threats rose to 44 percent among companies; it said internal breaches caused key security challenges over the past 12 months. In the 2003 survey, only 12 percent of companies reported that internal threats were of concern—a 32 percent increase in five years.

The ISF report said growing trends of mobile and remote working will attract new forms of malware. It said attacks linked to fraudulent payments or denial-of-service attacks will increase.

“The rise of social networking sites have become a popular part of office culture,” Jones said. “In addition to providing another channel for the accidental leakage of corporate information, cyber criminals will adapt new methods of attack to target the vulnerabilities for social networking sites.” He added that virtual worlds may also present new risks if brand damage in these virtual worlds translates back into the real world.

The ISF report also said other threats companies could face in the future include the weakening of infrastructures due to power cuts and internet failures; tougher legislation and compliance burdens; increased outsourcing and offshoring operations; insecure coding that is vulnerable to attack; and erosion of traditional network boundary that leaves data at greater risk.

The younger workforce, which is believed to be more technologically aware, will also increase risk, the report said. It suggested companies should make younger employees aware of information risks and the need for tighter IT controls.

“While predicting the future is an inexact science, infosecurity challenges lay ahead,” Jones said. “Organizations should take informed, cost-effective and proactive solutions in order to mitigate these risks.”