Mobility among the top IT security threats in 2011, says UK think tank

The plethora of mobile computing devices flooding into the market will be one of the biggest security challenges in 2011, says a UK think tank.

The plethora of mobile computing devices flooding into the market will be one of the biggest security challenges in 2011, says a UK think tank.

"These devices provide a new playground for cybercriminals," said Tony Dyhouse, cyber security director of the Digital Systems Knowledge Transfer Network.

With mobile devices connecting to Wi-Fi and Bluetooth networks, there are suddenly many more opportunities to get in and steal personal information, he said.

"We are bound to see an upsurge in man-in-the-middle style attacks as criminals find ways to intercept transmission between devices and receivers," said Dyhouse.

The only immediate solution, he said, is for users to become a lot more savvy in their use of technology and understanding of cyber-criminal activity.

Biometric authentication technologies are still immature and application suppliers are unlikely to take on full responsibility for security, so it is up to users, said Dyhouse.

Human beings remain, he said, the weakest link in security, particularly with the increasing use of mobile devices to do things online.

"Humans are the most unpredictable as they are susceptible to mistakes, bribery and blackmail," he said.

At company, national and international level, it has never been more important to ensure end-users understand what criminals want and how they work, said Dyhouse.

"Social engineering is involved in just about every kind of security breach, and is only likely to increase in importance as an attack method in 2011," according to Dyhouse.

But, he said, ordinary citizens will never become experts, and that is why it is important to address the serious shortage of cyber security skills.

"The UK is among the countries that have to do something to address the dwindling number of IT pros to help ordinary users understand and minimise the risk," he said.

The UK national cyberchallenge is a good initiative to lure new talent, but more needs to be done, said Dyhouse.

This is particularly important in the light of the discovery of the Stuxnet worm in 2010, he said, as other, stealthier malware could be operating on critical national infrastructure systems or silently poised to strike at an opportune moment.

Stuxnet-like malware with sophisticated infiltration and camouflaging techniques could also be easily adapted to gain commercial advantage by spying on or sabotaging competitors, said Dyhouse.

"This is why it is important to recognise and discuss these threats at all levels rather then sweeping them under the carpet," he said.

International diplomacy should be increased around cyber crime, said Dyhouse, so that all nations can work together to make cybercrime less profitable.

"The cross-border nature of cybercrime is what makes it extremely difficult to police, so uniform international operating procedures are essential," he said.

Government investment in cybercrime is also extremely important, said Dyhouse, and is in the national interest of every country as millions are lost each year through electronic fraud.

"Investment needs to be balanced against what is lost to the national economy, so while the government's allocation of £650m to fight cybercrime is a lot of money, millions more are lost by the UK to cyber crime," he said.

Read more on Hackers and cybercrime prevention