Cyber Security Institute

Thursday, December 21, 2006

Security 2007: keeping ahead of the hackers

The IT security firm ScanSafe said that 2006 marked the ascendance of web threats such as the Windows Meta File flaw, and that this trend is expected to continue in 2007 as more and more threats shift to the web.  As more users go online to take advantage of Web 2.0 applications like social-networking sites, blogs, wikis and RSS feeds, malware authors are going to be right behind them, ScanSafe warned.  According to a survey by the ePolicy Institute, 31 per cent of employees use IM at the office, and 78 per cent of those users are downloading free IM software from the internet. 

The fifth most significant danger was identified as zero-day threats, which accounted for between 10 and 15 per cent of all threats blocked by ScanSafe in 2006.

The sixth prediction is the death of the perimeter, where remote and roaming users pose significant challenges to traditional notions of perimeter security.

Even more concerning is that, according to the Business Performance Management Forum, 40 per cent of enterprises do not have policies to secure mobile devices.

While this will result in lower telephony costs, it will also open companies to a wide variety of threats that are not necessarily being contemplated because many companies still do not perceive a VoIP phone as a ‘computer’.  The result is that VoIP devices and servers will be subject to the same type of vulnerabilities as any other computer, including denial of service attacks, theft of service, fraud and phishing attacks.

Finally, no 2007 web security predictions would be complete without a reference to Microsoft’s Windows Vista and Internet Explorer 7.  ScanSafe believes that Vista will probably not see widespread deployment in enterprises in 2007, and that corporate users will remain the weakest link in the chain because Vista is not designed for centralised management or reporting.

Posted on 12/21