What is the top security threat prediction of 2009?
Good Answers (3)
Lynn W.
virtualization since Jan68, online at home since Mar70
Insider threats have nearly always been number one ... although there seem to frequently be various reasons why the information doesn't show up in the public press.
Corporate Fraud and Misconduct Risks Driven by Pressure to do 'Whatever It Takes'
http://www.financetech.com/news/showArticle.jhtml?articleID=212501185
from above:
Of more than 5,000 U.S. workers polled this summer, 74 percent said they had personally observed misconduct within their organizations during the prior 12 months, unchanged from the level reported by KPMG survey respondents in 2005. Roughly half (46 percent) of respondents reported that what they observed "could cause a significant loss of public trust if discovered," a figure that rises to 60 percent among employees working in the banking and finance industry.
... snip ...
With an overall industry avg. of 46% ("could cause a significant loss of public trust if discovered") and the financial industry specific avg. of 60%, that should place the non-financial industries' avg. below 40%. That would make the financial industry avg. somewhere between 50% and 100% worse than other industries.
then there is this ...
Cybercrime: The 2009 megathreat
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9123731&taxonomyId=17
and breaches don't seem to have abated (although breaches & identity theft frequently also involve insiders)
A Chronology of Data Breaches
http://www.privacyrights.org/ar/ChronDataBreaches.htm
Clarification added December 21, 2008:
... oh and recent posts/threads "Web Security hasn't moved since 1995"
http://www.garlic.com/~lynn/2008p.html#67
http://www.garlic.com/~lynn/2008p.html#78
http://www.garlic.com/~lynn/2008q.html#13
http://www.garlic.com/~lynn/2008s.html#25
Lopa Mudra Basu C.
Head - Enterprise Security & Risk Governance, SLK GBPOs at SLK Group
Top Ten Security Threats 2009
1. Terror & Cyber Attack.
2. Paper Security (all are green on paper).
3. Neglected Endpoints & LAN Security.
4. Reduced Budgets.
5. Merging IT Security with Network.
6. Malicious, lack skilled Insiders with improper profile.
7. Careless Employees & Physical Security.
8. Social Engineering & Lack of Awareness.
9. Exploited Vulnerabilities.
10. Outsourcing Core IT Sec & InfoSec Functions.
Bernard T.
Engineer
Can we see it as related to what is coming up as well
a) Security "Wants" > "Needs" (this is beefing up and organisation is supporting, with govt giving aids, but do they know what they need instead of just wants for the sake of "wanting it", improper/hasty implementations)
b) Cloud Computing as Priority (This can easily be IT gift to out task so as to focus on the core function, but what about security aspects of it. How much do we know of the providers and how confident are we? That is the threat: putting too much trust)
c) Asymmetric Paradigm (More merger/acquisition among the Security providers, so do people see that "defense-in-depth" as single product serves them well, will this construe the correct perception of "depth", great challenges to make it more resilient with due care)
d) Critical Infrastructure threats (Gaining tractions are the cyber threats and stakeholders still believing that "isolation means safe" will do them disservice and misplacing putting their trust)
e) Malicious hardware (there can be counterfeit and people cannot easily see it, it is going to be another spy tool out in the market to proliferate using the strategy "cheap is good" for security product, as the financial health is not picking up any sooner yet)
f) Social Networks as propagation ground (this is going to spread even more as more people are joining in especially when job seekers are desperate, and perfunctory in being more security aware)
Having said that, I see that all is not that gloomy either as the good guys are catching up with their valued propositions
Just my two cents' worth.....
More Answers (12)
11. Managerial creed not implementing risk management.
12. Oh, I am insured, so it's okay.
#1 Client Side attacks
François A.
President & CEO, IS Decisions (Security Software)
My guess is that insider threats will hit the top of the charts.
The current economic background will indeed create a massive churn with a lot of disgruntled employees (both end-users and IT pros).
The processes and tools for managing and disabling access to IT networks are going to be critical ...
MS R.
Chief Technology Officer at Rural Shores Business Services
Dear All,
Firstly I wish to highlight to everyone that this is a repeat question from the Info Sec. Group. See the link below:
http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&gid=38412&discussionID=788131&commentID=989487&goback=.hom#commentID_989487
Accordingly, I am repeating the answer I posted in the original link verbatim.
I am reasonably sure that there are mechanisms in place for addressing cyber terrorism. I am not sure if this can be a great problem.
All over the world, companies are sinking. Rarely, if ever, is there a cleanup to the acceptable standards. All the SOX, HIPAA, Personal Information Protection et al. of the world don't seem to apply to a sinking or sunk company. When management attention is tough to get when in profitable mode, who would pay attention to Info Sec. when one is filing bankruptcy!!!!!
There's going to be a hell of a lot of personal information available which can lead to all the mess we all are familiar with. Identity theft, credit card fraud, unauthorised/forged fund transfers, other wire frauds .... you name it, would all happen on an unprecedented scale. I am not sure if there are adequate systems in place to identify such loss/compromise of information and steps to mitigate them. Note also that the challenge would be in the size of this flood. IMHO, this is going to be the greatest threat in 2009.
with best wishes,
Commander MS Raghunath (Retd)
I agree with many of the existing answers. Let me add:
1. Sharepoint proliferation
2. Exposed data via SOA
3. Lack of audit trail
4. Unfettered partner access to corporate resources
1. Non-IT users' unawareness of potentially risky behaviour when using their personal PCs.
This attitude is going to open backdoors and exploits to cybercriminals.
2. IT and/or security budget reduction
The 'make it work and make it cheap' attitude for companies increases the risk of security leakage
Satyam D.
Vice President - Corporate Risk
1. Terrorism
2. Insider Threats
3. Insufficient Budgets
5. Management commitment
6. Social Engineering
7. Inadequate training programs
8. Slow technology upgrade / inadequate monitoring of LAN and endpoints
9. Third party access to network
10. Lack of sufficient audit trail to investigate incidents
Patrick D.
Computer & Security consultant, owner ProMind
Rudra,
The same as it was and always will be, the human factor ...
People will do things without thinking and most attacks are based on that basic premise.
So educating your users is the main measure to take ...
Best regards
Patrick
Decreasing of management commitment and IS budgets due to so called "global economic downturn".
Angelos K.
CTO Virtual Trip Group
1) managed security services
By outsourcing security procedures and devices one has a false sense of security which is equivalent to none!
Rick L.
CISO, Published Author & Security Advisory
Due to layoffs, especially in the IT field, watch the rate of "insider threats" (now external) grow exponentially now. In addition, due to limited job availability the rate of professional intellectual property theft will grow.
This is a time in which security needs to be front and center on effective exit policies and controls for their corporate environments.