The Information Security Forum (ISF) is warning of an increase in malicious threats including attacks from organised crime and industrial espionage, along with a rise in mobile malware and Web 2.0 vulnerabilities.
These are among the predictions that will heighten information security challenges over the next few years, according to an ISF report entitled Threat Horizon 2010. The report draws on ISF Members, comprising some 300 business and public sector organisations.
The ISF says it is already seeing a shift from indiscriminate events, to highly targeted and planned attacks by organised crime groups that are developing more sophisticated ‘business’ models for extorting the e-economy and money laundering. A combination of social engineering and technical attacks are increasingly being used to steal identities and information, to commit fraud.
"Criminal groups now see online crime as a lucrative and low risk alternative to robbing a bank," says Andy Jones, a Senior Research Consultant at the ISF and the report’s author. "And with the problems of protecting large volumes of sensitive information held in organisations electronically, businesses are also under the increasing threat from targeted espionage and the loss of competitive advantage or intellectual property."
The ISF also warns of the proliferation of malware aimed at mobile devices, which do not have the same anti-virus or security controls as traditional networks and PCs. The growing trend of mobile and remote working will inevitably attract new forms of mobile malware designed, for example, to create fraudulent payments or denial of service attacks.
"The mobile internet is still in its relative infancy and it is important that consumers do not lose confidence in mobile transactions," says Jones. "Companies will also face new challenges to manage and secure their corporate mobile devices to prevent employees from leaking information, either voluntarily or involuntarily."
A third area of growing risk according to the ISF is the rise of social networking sites such as Facebook and Bebo that have become a popular part of office culture. Besides providing another channel for the accidental leakage of corporate information, the ISF believes that cyber criminals will adapt new methods of attack to target the vulnerabilities of social networking sites. Virtual worlds such as Second Life may also present new risks if brand damage in the virtual world translates back into the real world.
Other threats according to the ISF include the weakening of infrastructures due to power cuts and internet failures; tougher legislation and compliance burdens; increased outsourcing and off-shoring operations; insecure coding that is vulnerable to attack; and erosion of the traditional network boundary that leaves data at greater risk.
Finally, the report highlights a risk presented by a new techno-generation corporate culture driven by a younger, more technologically aware workforce. While more technically adept, these new employees must also be made fully aware of information risks and the need for tighter controls that may restrict their IT freedom.
"While predicting the future is an inexact science, we have drawn on the collaborative knowledge and experiences of nearly 300 ISF Member organisations to provide an insight into the infosecurity challenges that lay ahead," said Andy Jones. "The report that is available to ISF Members will allow organisations to take informed, cost-effective and proactive actions in order to mitigate these emerging risks."
About ISF
The ISF is a not-for-profit international association of almost 300 international organisations. The latest ISF Standard of Good Practice for Information Security, which builds on the ISF’s real-world research, is also available free to non-members at www.isfstandard.com
