The
Information Security Forum (ISF) is warning of an
increase in malicious threats from
organised crime and industrial espionage, along with a rise in
mobile malware and Web 2.0 vulnerabilities.
These are just some of the predictions that will heighten
information security challenges over the next few years,
highlighted in an ISF report entitled "Threat Horizon 2010".
The report draws on the knowledge and practical experiences of
ISF Members, comprising 300 of the world's largest business and
public sector organisations.
The ISF is already seeing a shift from indiscriminate events to
highly targeted and planned attacks by organised crime groups, that
are developing more sophisticated "business models" for extorting
the e-economy and
money laundering.
A combination of
social engineering and technical attacks are increasingly being
used to steal identities and information in order to commit fraud,
said the ISF.
"Criminal groups now see online crime as a lucrative and low
risk alternative to robbing a bank," said Andy Jones, a senior
research consultant at the ISF and the report's author.
"And with the problems of protecting large volumes of sensitive
information held in organisations electronically, businesses are
also under increasing threat from targeted espionage and the loss
of competitive advantage or intellectual property," Jones said.
The ISF is also warning of the proliferation of malware aimed at
mobile devices, which do not have the same antivirus or security
controls as traditional networks and PCs.
The growing trend of mobile and remote working will inevitably
attract new forms of mobile malware designed, for example, to
create fraudulent payments or denial-of-service attacks, it
said.
"The mobile internet is still in its relative infancy and it is
important that consumers do not lose confidence in mobile
transactions," said Jones. "Companies will also face new challenges
to manage and secure their corporate mobile devices to prevent
employees from leaking information, either voluntarily or
involuntarily."
A third area of growing risk according to the ISF is the rise of
social networking sites such as Facebook and Bebo that have become
a popular part of office culture.
In addition to providing another channel for the accidental
leakage of corporate information, the ISF believes that cyber
criminals will adapt new methods of attack to target the
vulnerabilities of social networking sites.
Virtual worlds such as Second Life may also present new risks if
brand damage in the virtual world translates back into the real
world.
Other threats on the horizon according to the ISF include: the
weakening of infrastructures due to power cuts and internet
failures, tougher legislation and compliance burdens, increased
outsourcing and off-shoring operations, insecure coding that is
vulnerable to attack, and erosion of the traditional network
boundary that leaves data at greater risk.
The report is available free to ISF members. The latest ISF
Standard of Good Practice for Information Security is
available free to non-members on the
ISF website.
http://www.computerweekly.com/Articles/2008/06/11/231022/national-e-crime-unit-takes-shape.htm