Why rob a bank when e-crime’s less risky, says security forum


The Information Security Forum (ISF) is warning of an increase in malicious threats from organised crime and industrial espionage, along with a rise in mobile malware and Web 2.0 vulnerabilities.

These are just some of the predictions that will heighten information security challenges over the next few years, highlighted in an ISF report entitled "Threat Horizon 2010".

The report draws on the knowledge and practical experiences of ISF Members, comprising 300 of the world's largest business and public sector organisations.

The ISF is already seeing a shift from indiscriminate events to highly targeted and planned attacks by organised crime groups that are developing more sophisticated "business models" for extorting the e-economy and money laundering.

A combination of social engineering and technical attacks is increasingly being used to steal identities and information in order to commit fraud, said the ISF.

"Criminal groups now see online crime as a lucrative and low risk alternative to robbing a bank," said Andy Jones, a senior research consultant at the ISF and the report's author.

"And with the problems of protecting large volumes of sensitive information held in organisations electronically, businesses are also under increasing threat from targeted espionage and the loss of competitive advantage or intellectual property," Jones said.

The ISF is also warning of the proliferation of malware aimed at mobile devices, which do not have the same antivirus or security controls as traditional networks and PCs.

The growing trend of mobile and remote working will inevitably attract new forms of mobile malware designed, for example, to create fraudulent payments or denial-of-service attacks, it said.

"The mobile internet is still in its relative infancy and it is important that consumers do not lose confidence in mobile transactions," said Jones. "Companies will also face new challenges to manage and secure their corporate mobile devices to prevent employees from leaking information, either voluntarily or involuntarily."

A third area of growing risk according to the ISF is the rise of social networking sites such as Facebook and Bebo that have become a popular part of office culture.

In addition to providing another channel for the accidental leakage of corporate information, the ISF believes that cyber criminals will adapt new methods of attack to target the vulnerabilities of social networking sites.

Virtual worlds such as Second Life may also present new risks if brand damage in the virtual world translates back into the real world.

Other threats on the horizon according to the ISF include: the weakening of infrastructures due to power cuts and internet failures, tougher legislation and compliance burdens, increased outsourcing and off-shoring operations, insecure coding that is vulnerable to attack, and erosion of the traditional network boundary that leaves data at greater risk.

The report is available free to ISF members. The latest ISF Standard of Good Practice for Information Security is available free to non-members on the ISF website.

