2009 was the year that we learned the meaning of the word recession and looked to the cloud for answers. Budgets were slashed and security departments were forced to do more with less, all while cybercrime rates rose as frustrated individuals used whatever means necessary to earn in a difficult economic climate. What 2010 will bring remains unclear, but as we approach the New Year, optimism is beginning to emerge.
"That which becomes popular today, will be the attack vector of choice tomorrow.”
- Michael Sutton
- Zscaler Labs
On the technology front, the "cloud honeymoon" is over and now the hard work begins. Mobile is as exciting as ever with new platforms and functionality emerging with vendors battling for dominance. Social networking winners have been established, but we're just beginning to see their true potential. Much remains to be seen, but one thing is for sure – attackers are following these trends just as closely as the enterprises and consumers that benefit from them. That which becomes popular today will be the attack vector of choice tomorrow. Below are my security predictions for the New Year.
1.) Apple is forced to climb the security learning curve
Apple has for some time been considered to have a safer operating system in OS X as it is less often targeted by attackers. While that may be true, it is less secure overall, and Apple's increasing market share will force them to finally invest in security due to increasing attacks targeted at Apple devices.
2.) App Store Party Crashers
App stores are all the rage, with every mobile vendor racing to replicate Apple's success. Generally, vendors stand guard and only let in the applications that they feel are appropriate. Consumers mistakenly believe that this ensures that only secure applications can be obtained, but that is not the case. Security testing is limited at best with app developers already having success slipping in apps with undocumented APIs. Attackers will take things one step further and slip malicious apps in under the gatekeeper's watch.
3.) Web-based worms go prime time
We've been teased with a variety of Web-based worms from Samy to StalkDaily. Most have been experiments as opposed to planned attacks with the goal of financial gain. That's about to change.
4.) The emergence of the Web platform
We've gone from Web sites to Web applications, and we're now seeing the birth of the Web platform. Social Networking sites such as Facebook have gone beyond delivering dynamic applications welcoming user-supplied content. They have now evolved into platforms inviting user-supplied functionality, allowing virtually anyone to develop unique applications within their ecosystem. Attackers will take advantage of this to deploy malicious applications on social networks and the sites will struggle to identify and block them before deployment.
5.) Attackers turn to the cloud
The cloud offers unprecedented storage and processing power at an attractive price. Think that's only attractive to enterprises? Think again.