Top 10 Security Challenges For 2010
(Page 4 of 4)
9. A Major Insider Theft Scandal Will Surface
Ongoing improvements in network security will encourage organized cybercrime groups to think about the long con. Somewhere next year, expect someone with access to data at a large organization to be caught working for or with a cybercrime group. The Identity Theft Resource Center anticipates a rising number of insider cases because of failure to follow basic workplace security protocols.
More Security Insights
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Getting a Grip on Mobile Malware
- The 451 Group Impact Report: Skybox Enters Vulnerability Management Space
- Detecting and Stopping Advanced Threats
Contrarian view: As above, but the organization will be able to hide the incident, at least until 2011. This prediction has the added benefit of being difficult to prove wrong next year.
10. Clickjacking Strikes Back
Zscaler believes that the clickjacking vulnerability -- a way to alter a Web app's user interface to dupe users into clicking on concealed buttons -- will be employed in attacks more frequently. Jeremiah Grossman, founder and CTO of WhiteHat Security, and Robert "RSnake" Hansen, founder and CEO of SecTheory, disclosed information about the technique in October 2008. While some effort has been made to mitigate the risk of clickjacking, Zscaler says the technique can still be effective, particularly in attacks with a social engineering component.
Contrarian view: Why bother ,when you can just launch a window that displays a fake security scan and get clueless users to pay for fake security software? Ignorance is a vulnerability that isn't easy to patch.
For Further Reading:
Application mobilization tools are both more effective and more confusing than ever. To develop this report, InformationWeek Analytics polled nearly 700 business technology professionals and interviewed mobile application experts. Download the report here (registration required).