Cyber Security Institute

Wednesday, September 20, 2006

New Gartner Hype Cycle Highlights Five High Impact IT Security Risks

Gartner, Inc. advised businesses to plan for five increasingly prevalent cyberthreats that have the potential to inflict significant damage on organisations during the next two years.  They are: targeted threats, identity theft, spyware, social engineering and viruses.  The hype cycle assesses the initial awareness, maturity, impact and market penetration of 35 IT security threats during the next ten years.  According to Amrit Williams, research director at Gartner, “We are seeing an increasingly hostile environment fuelled by financially motivated and targeted cyber attacks.

“They are no longer just executed by hackers for hobby or cybervandalism, but by professionals with a targeted aim at one person, one company or one industry,” Williams said.  “For example, we have recently seen several companies hiring private investigators to spy on their competitors.”

Gartner said that social engineering and viruses will remain an everyday nuisance for chief information security officers through 2009.

Gartner urged organisations to incorporate penetration testing into vulnerability management processes and investigate more-aggressive intrusion detection and protection approaches that move beyond threat-signature-based approaches.

It also advised companies to evaluate managed security services when internal capabilities are not available or sufficient for advanced security activities.

Identity theft refers to the theft of an individual’s personal or financial information for the purpose of stealing money or committing other types of crimes.  This continues to be a disruption as it can be used to send confidential information to unauthorised persons without the knowledge or consent of an e-mail user.

Gartner advised organisations to ask their existing desktop security vendor to provide an integrated anti-spyware solution.

They should also use their gateway and network security devices to provide anti-spyware capabilities in the network, a strategy that has proved effective in the fight against viruses and spam.

Defence against social engineering relies on deploying consistent security policies and practices that include educational and clear reporting programmes as well as appropriate technology management.  For example, to minimise the risk of sending confidential corporate documents or trade secrets to inappropriate recipients, organisations should use content monitoring and filtering tools.

More than 1,900 information technologies and trends across more than 75 industries, technology markets, and topics are evaluated by more than 300 Gartner analysts in the most comprehensive assessment of technology maturity in the IT industry.  It highlights the progression of an emerging technology from market overenthusiasm through a period of disillusionment to an eventual understanding of the technology’s relevance and role in a market or domain.

Posted on 09/20