According to Help Net Security, these are the influential security trends to watch in 2012. What do you think?
1. The human perimeter
Expectation: further examples of the socially engineered email attacks combined with zero day exploits as perpetrated against RSA and its client base, Operation Aurora and Google Gmail.
Prevention: Frequent staff training and refresher courses are vital. Security processes may be perceived to be hampering working practices so ensure procedures are tailored to the business to prevent users circumventing them. Use a sender email framework to identify suspect email.
2. Media mining
Expectation: social media and active media sites will increasingly be mined for information in order to crack passwords, perform identity theft or to socially engineer access to a network or building. Other avenues such as RFID and radio frequency channels could also provide valuable personal information by hacking voicemail or intercepting calls.
Prevention: The work/leisure divide no longer exists so be prepared to educate users on how to protect their anonymity and lock-down information on social media sites. Provide clear guidelines on acceptable use.
3. ‘Bring your own’ device issues
Expectation: opportunist theft will rise as hackers record log-in details or observe transactions and then replicate these.
Prevention: Revise network access restrictions via remote and wireless connections. Strengthen access control through regular password renewal, two-factor authentication over VPN, review role-based access privileges and carry out regular auditing and penetration testing.
4. USB jacking
Expectation: The emergence of new malware payloads will see the USB become a greater threat to the PC and corporate networks.
Prevention: Ensure the security policy provides clear guidelines on USB and external device control: users often mistakenly believe that only previously used devices are vulnerable. Traditional USB malware can be detected by scanning removable devices and disabling the autorun feature. New breeds of malware will require more sophisticated monitoring techniques.
5. Cloud concerns
Expectation: Cloud computing adoption among medium to large enterprises will slow due to legislative changes. APTs will seek to exploit cloud-based data. There will be a rationalization of the cloud while businesses consider how to use it to greatest effect without compromising data integrity.
Prevention: Ensure only non-sensitive data is held in the cloud and provide guidelines on the use of cloud-based file sharing. Protect wireless and wired networks through the use of a DMZ, with sensitive information held offline or on a separate dedicated network.
By: Cheryl Barto Shoults