Security Threat Report 2012 from Sophos
I recently mentioned that I had looked at the “Security Threat Report 2012” from Sophos, but I should also mention that this report has all sorts of useful information in it and that you should definitely take the time to download and read it. Of particular interest might be their “What’s new in 2012: 10 trends” prediction. Here’s their list, which I happen to agree with 100 percent:
1. Social media and the web
We expect cybercriminals to continue their effective mass generation of malware, increasing the number of attacks using new social media platforms and integrated apps.
2. Security means more than Microsoft
Over the past 18 months the bad guys have increased attacks on platforms like Mac OS X and Adobe. We’ll continue to see more targeted attacks on non-Windows platforms in 2012 and 2013.
3. Mobile devices in the spotlight
In 2011 we saw a greater volume of malicious attacks on key platforms such as Android. IT security professionals will need to deal with rapidly evolving mobile platforms, each with a unique set of risks.
4. New web and network technologies force us to learn some lessons
Web technologies are undergoing interesting changes, from HTML5 to IPv6. These new technologies introduce some impressive new capabilities, but they also introduce new attack vectors.
5. Casual consumerization causes backsliding
A casual shift to use of consumer devices without appropriate controls will cause backsliding in security capabilities. IT will once again struggle to deploy reliable security measures for the environment.
6. More hacktivism and targeted attacks
With rising awareness of cybercrime as a means of data theft, intelligence gathering, and political dirty tricks, it’s likely we’ll see more targeted attacks in 2012. These attacks will continue to be a priority issue for certain businesses and organizations.
7. Data regulations proliferate and penalties grow
New regulations and tougher penalties for data breaches will be major concerns for organizations. Proposed laws like the U.S. Stop Online Piracy Act (SOPA), and the European Union’s Data Protection Directive, will have a major impact on data protection and privacy for businesses and private citizens alike.
8. Mobile payment technology may be new target
We’re eagerly waiting for the widespread availability of convenient payment technologies like near field communication (NFC) in mobile devices. We expect cybercriminals are just as eager to target these integrated platforms that hold your life and your money.
9. Cloud services are back in vogue
Some companies were slow to adopt cloud services because of perceived insecurity. But many organizations are now starting to use these services. That means more focus on encrypting data wherever it flows, rather than just protecting the device or the network.
10. The basics still go wrong
Security basics like patching and password management will remain a significant challenge to IT security.
Keeping your devices healthy by identifying missing patches in areas commonly targeted by the bad guys will help significantly. Technologies like file and folder encryption will smooth the adoption of cloud services and new devices.