Software security firm Imperva will release details of its 10 key security trends for 2011 next week. Here is a preview.
- Man-in-the-browser (MITB) attacks are a new threat that consumers will face and that the hacking industry is widely adopting, especially as many security products are not yet mature enough to deal with the problem.
- File security. With SharePoint being the fastest growing product in Microsoft history and data growing at a 60% annual rate, file security will become the top security issue. With PCI DSS being expanded to refer not only to databases and web apps but also to files, organisations will need to carefully consider how they protect their files.
- Smartphones will be the new target in 2011. Hackers are using mobile devices (smartphones and tablets) as a new attack platform. With a number of applications on mobile devices (CRM, Salesforce, access to work e-mail), these devices will become more susceptible to attack.
- Hackers and security side-by-side in the cloud. As organisations' IT infrastructure moves to the cloud, so will their security controls. However, these services will also become hot targets for hackers. With the popular ones being the most data-rich, the security on these services will need to be tightened immensely.
- Insider threat. With more job losses set for 2011, there will be more disgruntled employees than ever. Employees are more likely to want to take information, either to help them with new jobs or to pass on to competitors as an act of revenge.
- Social networks have started to blur the notions of privacy and security. 2011 will bring even more confusion when it comes to security and the trust people put in social networks.
- Convergence of regulations across countries. Convergence of regulations amongst the OECD countries will lead to standardising laws on data security and privacy.
- Security is becoming part of the business process. With the recent acquisitions of McAfee by Intel and Fortify by HP, suppliers are gaining an understanding of the need to apply security throughout the complete process of building a system. Today, cybersecurity can't be separated from business operations. Security teams need to become business process experts to keep the bad guys disarmed while keeping the good guys productive.
- Hackers are feeling the heat. Proactive security seems to be the new approach for most security practitioners, and because of this more hackers will get caught. However, due to the industrialisation of hacking, hackers will raise their professional bar by "buying" other smaller groups or merging, leaving the more sophisticated hackers in business.
- Hacktivism meets industrialisation. Hacktivism as we know it has been very targeted. However, hacktivists are learning from the success of industrialised hackers and will soon follow in their footsteps. The attacks will transition from restricted targets to a wide range of targets.