Security issues to fear in the New Year

This is the season for top, best and worst lists, so it is appropriate to bring you a list of the things that are likely to be keeping you awake nights throughout the coming year. Predictions are risky, however, so in order to spread the risk (and the blame) I have searched for some consensus in what the deep thinkers at some of the large IT and security organizations are worried about.

Everyone has his own point of view and ax to grind, but the patterns show concerns about an increasingly complex and networked IT environment, with new and increased threats coming in cloud computing, social networking and mobile platforms.

Cloud computing was one of the major buzzwords of 2009, but there has been a persistent undercurrent of concern about security associated with it. Those concerns are coming to the forefront as the bad guys are expected to be on the lookout for vulnerabilities to exploit in cloud environments, and for opportunities to use the cloud for their own nefarious purposes. Cost savings will continue to drive a migration of public data to cloud environments, but criminals are expected to follow.

“We have already seen the emergence of ‘exploits as a service,’” the folks at IBM wrote in their year-end musings. “In 2010 we will see criminals take to cloud computing to increase their efficiency and effectiveness.”

The botnet services market is also expected to grow, as herders of these illicit networks look for more ways to leverage their investments in compromised computers.

“My greatest hope for 2010 is that marketing departments will give the term ‘cloud computing’ a well deserved break,” said Michael Sutton, VP of security research at Zscaler. “2009 saw great interest in the development of cloud-computing architectures and one must wonder how often security was sacrificed in order to get to market quickly.”

Wise administrators will delay moving sensitive data to the cloud until security catches up with functionality.

The Web is expected to be a fertile field for developers both good and evil. Browser exploits are old hat, and Web worms are predicted to be a growth area. This leads ICSA Labs, a testing and certification laboratory, to predict increased adoption of Web Application Firewalls as the market for them matures.

The Web is closely tied with platforms such as social-networking sites that are becoming more flexible and powerful, allowing user-created functionality as well as content. This could offer a great playground for hackers and other bad guys as they introduce and exploit vulnerable code, and the site owners will be struggling to combat them.

Last year saw worms such as KoobFace spreading through social-networking sites, and bot attacks spewing fake password reset notices to users. Social-networking tools such as Twitter are being used to distribute malware, and social-networking sites are an ideal place for social engineering. Users without a high level of skepticism could become their own worst enemies as they fall prey to solicitations and messages delivered through and to these sites.

And while we’re online, the proliferation of specialized applications for mobile devices is seen as another growing threat. The availability of these applications, which can range from business tools to gimmicks and toys, help to drive the adoption of new platforms, but security assurance for these applications often is minimal.

“The increasing popularity of mobile phones running the Android [operating system] combined with a lack of effective checks to ensure third-party software applications are secure will lead to a number of high-profile malware outbreaks,” Kaspersky Lab predicted.

Mobile users also will be increasingly targeted by spammers and phishers in the new year, but IBM predicts that direct threats against the devices will continue to remain scarce. “The reason is simple,” IBM said. “PCs remain a much more valuable target, thus criminals will continue to focus on them.”

Keep in mind that new year predictions are not infallible. Sometimes they are not even consistent. Take rogue antivirus, for example, those malicious programs offered to remove supposed malware and which cause more problems than they cure. Their day has passed, says Kaspersky. “The fake antivirus market has now been saturated and the profits for cybercriminals have fallen,” the company said. But ICSA predicts that the rise of legitimate antivirus products being offered for free will be accompanied by an increase in rogue “scareware.”

One prediction made by ICSA seems incontrovertible, however. “The Windows 7 operating system, while built to be more secure than Vista, will inevitably be riddled with exploitable vulnerabilities.”

Have a happy new year.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.