With the new year comes new challenges, and with that in mind the perimeter e-Security, the trusted provider of security services provides the information it provides enterprise class protection and compliance to businesses of all sizes, announced its 10 Major Threats to Information Security 2010.
“The beginning of a new year is a good time for companies to evaluate their security practices of information and start thinking about what threats we will face in the next year,” said Kevin Prince, chief technology E-Security Perimeter. “As these security threats are becoming more severe and difficult to detect, is vital for companies to understand what they can do to better protect their systems and information.”
Ranking the perimeter of the top 10 threats to information security for 2010:
1. Malware (Increase of threats)
Last year, Malware was ranked as the second threat to senior organizations in the scope of e-Security list of top threats. There are many ways to install malware on their systems, including the use of the vulnerabilities of client-side software. Browsers are still a top goal for vulnerabilities. In 2009, the FBI reported that for the first time, revenues from cybercrime had exceeded drug trafficking, estimated to take more than one billion annual profits.
2. Malicious Insiders (increase of threats)
Malicious Insiders were cited as the main threat to 2009 but have fallen to the # 2 in 2010. With the economic downturn last year, it was no surprise that many employees unhappy and desperate attempts to exploit the companies that are or have worked. No way to eliminate the threat of malicious started completely, but through good security policies and procedures followed, the incident could be a fraction of what they are today. With the economy continues to suffer and unemployment levels remain high, malicious insiders w2ill remain a threat.
3. Vulnerabilities Exploited (Steady Threat)
Exploiting the vulnerability is in the heart of hacking and data breaches. Worms, viruses, malware, and a host of other types of attacks are often based on the vulnerability to infect exploit, disseminate and implement the actions of cyber criminals want. And yet, no, the organizations are doing what they need to patch management. Hackers are most often the use of client side vulnerabilities and other vulnerabilities associated with 3 third party applications.
4. Careless Employees (Steady Threat)
Careless privileged and uneducated will remain a major threat to organizations in 2010. Insiders can be broken down into three categories: careless and untrained employees, employees who are deceived or fall prey to attacks from social, engineering, and malicious employees. The protection of a network and critical and sensitive data is performed quite differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing the risk of an organization to insiders through carelessness.
5. Mobile devices (increase of threats)
Mobile devices have become a plague for professionals in the information security. There are worms and other malicious code that specifically target these devices like the iPhone worm to steal bank details and use these devices on a network of bots. Theft is still a major cause of data breaches such as mobile devices, especially laptops, are the main culprits. Tens of thousands of laptops are stolen each year and often they have sensitive data that require public disclosure as a violation of data.
6. Social Networking (increased threat)
Social networking sites like Facebook, MySpace, Twitter and others have changed the way people communicate with each other, but these sites can pose serious threats to organizations. A major problem is that there is an element of confidence to these sites makes them fertile ground for identity thieves. There is also a matter of personal safety. Social networking sites are a stalker’s dream come true. Social networking sites are a breeding ground for spam, scams, scareware and a series of other attacks and threats continue to increase.
7. Social Engineering (Steady Threat)
Social engineering is always a popular tool used by cyber criminals phishing is still a popular method to do just that. In fact, these new social engineering scenarios more effectively. This year will be an additional measure of complexity when it comes to social engineering attacks. Beginning sometime in mid-2010, domain names will be expanded to include Arabic, Japanese, Hindi, and even Greek characters, and all these characters are available for domain names, no longer seeks help in a domain one to determine whether it is legitimate or not.
8. Zero-day exploits (increase of threats)
Zero-day exploits is when an attacker can compromise a system based on a known vulnerability but no patch or hotfix exists, and have become a very serious threat to the security of information. The zero-day vulnerabilities are being discovered in the traditionally highly secure protocols such as SSL and TLS. The zero-day vulnerability could also be suppliers.
9. Cloud Computing Security Threats (increased threat)
Using the cloud (internet, ie based on) applications may not be as safe as previously thought, with many stories in 2009 in relation to cloud-based security issues. Many are asking encryption required to access “the cloud” services. As cloud computing grows in popularity in coming years, security in cloud become a big problem.
10. Cyber (increase of threats)
Cyber-espionage is a threat that is heard more and more all the time and there has been a flurry of articles in 2009 on this topic. Most of the incidents surrounding the governing bodies and agencies and therefore have not been a major threat to most individual organizations. However, since cyber has important implications for the government, is a growing threat that must be monitored closely.
“Information security is an evolving discipline that requires great expertise, time and money to manage effectively. Every organization should take stock of what they are doing today and how well their existing solutions to mitigate the risk of top 10 threats. In most cases, adjustments should be made and the new technologies must be implemented to ensure that the organization is properly prepared for the cyber criminals, spam, phishing and hackers are planning for 2010, “said Prince .
