10 security predictions for 2010

Roer predicts 2010! This is Roer's take on security in 2010! Please share your comments and your own visions in the comments below!

 

1. Cloud security

Roer believes that cloud security will be of paramount importance in the new year. As more and more customers get accustomed to cloud services and their benefits, they will at the same time be apprehensive about the security behind the service. CSPs have started to realize that trust is the key to bringing in more clients. Many organizations have adopted various authentication and identity management software products. Still, a lot needs to be done to build confidence among clients. We believe that the factors of authentication will increase. Also, attackers will evolve and adapt to bring down the cloud. A single cloud carries the data of millions of customers, so it is all the more attractive for an attacker to launch an attack on a cloud. CSPs will have to implement security mechanisms with such attacks in mind. Security is the make-or-break point for a cloud service, and 2010 will see a lot of advancements in this sphere.

 

2. Goodbye logons

All of us (at least those of us using computers) have a plenitude of logon credentials for a large number of websites and social media sites. The more sites, the more passwords to remember. Right?

We believe that logon solutions like the OpenID project will take over many sites in 2010. We are actually considering implementing third-party authentication services on this blog too, in order to make it easier for you to comment and share. Mind you, OpenID is only one such tool; we all know Facebook, Microsoft and Google, and they all offer third-party authentication.

 

3. Targeted attacks

Targeted attacks are attacks that target a specific computer, company or network. Obviously. The challenge with such attacks is that they do not show up on the security vendors' radar, so there is no signature file to protect you.

Many types of targeted attacks exist today - from hijacking a corporate data center, to DDoS, and all the way down to malware designed solely to leave incriminating materials on your PC, leaving no trace of itself, and making the forensics experts believe you were the one to download that child porn.

Most of this malware is still held within a very small group of hackers, but give it some time and some money, and you will be able to buy such tools over the counter, just like you can buy a botnet today.

Another subset of attacks will be those targeting small or specialized software vendors, like industry-developed software. These tools are usually business critical, and developed by software developers who deem security to be “a pain in the place where the sun never shines”, and thus focus more on function and less on security.

 

4. Cyberwar act 2

We believe that cyberwar as we have seen it so far is only the tip of the iceberg. Most modern countries today use computer technology and networks actively in their defense strategy, and many actively use them in their attack strategies too.

Roer believes that computer technology will be used in new ways to gather intelligence about individuals, societies, groups, companies and countries. Social media and networks are amazing in their willingness to share political views, religion, sexual orientation, social status, economy, activities and interests. All of this is information that is vital when identifying friends and foes.

The public has seen nothing yet when it comes to cyber warfare.

 

5. More hype and FUD

We do not like FUD (Fear, Uncertainty and Doubt - a sales strategy from security vendors) at Roer. We love hype, though. Unfortunately, we will see both rise in 2010. Hype is good as long as it is relevant. FUD is nothing but a waste of energy.

As the economy continues to jump up and down, the security vendors who are not able to fit their product to a client pain will continue to scare clients into buying their stuff - even if the client has no use for the product.

We suggest using a vendor-independent consultant when investing in new technology, a consultant who will align the technology need with your business need.

 

6. Compliance comes alive

Compliance will continue to grow in 2010. However, companies will start to care more and understand more about how being compliant can be a business driver, and that compliance as such does not make the company any more secure. In order to gain a higher level of security, companies will implement better internal controls, and use the internal control systems to handle issues as they arise.

 

7. Adobe in the action

Hackers and malware authors have discovered a new (not really) target for their attacks. They no longer focus only on the OS (Windows...); they are increasing their focus on client software, like the Adobe family of products.

The reason is simple - client software with high-volume distribution means a large enough target base, while the security of such software is usually lower than that of today's OSes.

Roer believes that Adobe, as well as other large software vendors, will be targeted more in 2010.

 

8. Mobile fun

As smartphones continue to grow their market shares, they attract interest from hackers and vandals. Many carry around corporate information, and most devices are connected to the cloud and to the enterprise data centers.

Roer predicts a growth in attacks on mobile devices, and a growth in security systems for mobile devices. Most importantly, we predict that mobile users and enterprises will become much more aware, and thus more willing to invest in securing their devices.

 

9. ID-theft

Roer believes that ID-theft will continue to rise in 2010. The more social networks you are on, the higher the risk of getting attacked. The increase of logon systems under point two in our list also means a higher risk of losing all your personal information.

We also expect to see more scavenging of personal data, to construct detailed profiles of individuals. These profiles may be used by criminals to identify targets, for corporations to streamline their product offerings, and for foreign governments to identify possible friends and foes.

As for the internal government, see the next point!

 

10. Monitoring

In Europe we had a large discussion about the new data directive, commanding ISPs and Telcos to save a minimum set of information about phone calls and e-mails. The purpose is to give the governments a better tool to conquer criminal activity and terrorism. From a privacy point of view, some have argued against this new practice.

The interesting point is that these new laws now make it very explicit what to store, and for how long. Earlier, this would be up to each country, company or ISP/Telco.

In the UK, 2010 will also be the year when people who download illegal materials from the Internet get monitored.

And a large number of companies will increase their social media monitoring, coupled with better policies for social media like Twitter and Facebook.

This post was made by Kai & Kakroo.

Please share your own visions and comments below!
