advertise here



Industry Comment Research   RSS Feed

Webinars Buyers' Guide Podcasts

Related Publications Foward Features




  In partnership with:

November/December 2006 issue

2007 preview: What's rollin' round the bend?

Back to Q1, Q2, Q3, Q4, Q5

6. What do you think will be the big new threat to enterprise security in 2007?

Adrian Asher, Global Head of Security , Betfair
I’d like to use the old adage of users or internal staff, but I’m not going to. Conformance. If the trend of prescribing changes to environments based on legacy standards and requirements continues, I feel it could only help to weaken the security of organizations. With creative attacks and highly sophisticated edge condition exploits, the industry must provide creative solutions to these complex problems. Anything that seeks to regulate or conform to a standard / template solution, could be very dangerous.

Brian T. Contos, CISSP, CSO ArcSight
I think we are going to see:
• More sophisticated malware
that propagates faster and is more damaging
• More financially and politically
motivated cyber attacks
• More targeted attacks launched against specific organizations
• Attacks propagating across wired, wireless, mobile networks and the like
• A larger number of attacks against critical infrastructure – energy,
financial, transportation and
communication networks
• A rise in threats from inside the organization
- Recruited by malicious outsiders (terrorists, organized crime, etc)
- Disgruntled employees that have found ways of turning sensitive information into money
- Careless or negligent employees putting their organization at risk by mishandling sensitive information

Leo Cronin, CISO, Reed Elsevier
I am not sure we will see any bold new threat emerging in 2007. I do think we will see an increase in sophistication of blended threats designed to steal identities and misappropriate financial assets. Applications will continue to be attacked at alarming rates, so investments in application security processes and technologies need to be a focus. Some of the attack vectors may change, but I see the increased use of open wireless infrastructure and abuse of emerging VoIP services to commit e-crime next year. Another technology CIO’s and CTO’s need to be cautious of is MPLS services, especially those managed by the telcos. If the WAN becomes shared and routable, you could be asking for a whole slew of trouble without the proper technical and operational controls in place.

Robert Gleichauf, VP and CTO, Security Technology Group, Cisco
Well, to be fair security is not about the next big thing. Our industry tends to hype the latest new shiny security issue when the reality is that a lot of yesterday’s news remains an ongoing issue for security administrators. For example, many companies have still a lot of work to do to properly address regulatory compliance issues even though this has been a top of mind issue for 3-4 years now. Security is really about defence in depth since it is so hard to predict where the next threat will come from. The biggest threat really is failing to properly fund security planning and build out!

Paul Henry, Secure Computing
Targeted attacks originating from both hostile governments and organized crime in the form of specially coded one-off viruses, trojans, worms or other opportunistic application layer attacks. Each are designed for the ultimate purpose of slipping past security gateways to steal information. Perhaps this same malware which is simply deployed behind network defenses through collusion with a wayward insider, poses the greatest risk in 2007.

When organized crime moved to the Internet, we first saw the protection schemes they were so well know for in their traditional brick and mortar world. Online casino’s and eCommerce sites were plagued with DDoS attacks — if they did not pay the respective 'protection' monies to eastern block organized crime operators. This quickly evolved in to organized crimes financial and technological support of Internet based credit card theft as well as Identity Theft. Credit card numbers very quickly began replacing IP addresses and passwords of compromised servers as the new underground currency of the Internet. Organized crime has now embarked on the business of trading Intellectual Property on the Internet with eager customers in both the commercial sector and foreign governments.

Evan Kaplan, CEO Aventail
There is no question that mobile devices will be the biggest threat. They are already a threat, of course. But as they get more sophisticated, and users co-mingle their corporate and personal devices, the threat will grow. Too many corporations are not enforcing real security on employees who use their own PDAs and Smart Phones to access corporate email and data. Theft and exposure of the data, as well as identity theft leading to employee impersonation and more malicious acts, are clearly significant risks. We’ve already seen the case of an iPod being used as a virus propagation device, because so many users simply bring them into the office and link them to their PCs. The corporate data center is only as secure as the weakest link that is allowed to connect to it.

Tom Noonan, CEO and Chairman, ISS, IBM
There is no single “new” threat to security, but rather a continued acceleration of the issues the industry has seen. For example, as wireless and smart phones become more prevalent and the carriers re-invent their backbones based on IP technologies, the malicious efforts will shift to these new environments. The techniques honed in the wired world will be repurposed to the wireless world. We have already seen “for-profit” worms and Trojans entering into this world in a tenth of the time that it took for-profit attacks to become the norm in the wired world. Within the enterprise, data management and control are getting a higher degree of focus, with concerns about data leakage, insider threats and crumbling perimeters creating very complex environments for managing critical business information.

Hugh Penri-Williams, Chairman of the Information Security Forum
Digital convergence - the trend for existing PC, PDA, phone, music, video devices to meld into a single unit thereby creating multiple threat entry points ultimately leading to a single point of failure making this asset concentrator completely unavailable, with no obvious backup. This is further exacerbated by the increasingly high levels of offsite activity of today’s workforce, 'on-the-road’ in airports, airplanes, hotels, stations, trains, and last - but not by any means least - at their ‘home’ office. Opportunities for accidental damage or manipulation by unauthorised parties (some better known as children), loss and theft are not negligible either. So-called technical progress inevitably comes hand-in-hand with its own collection of new vulnerabilities.

Paul Simmonds, CSO, ICI
Lack of user “trust” in the Internet.

Alex van Someren, CEO nCipher
Targeted hacking will be among the big new threats for 2007 with the increased involvement of organised crime and insider attacks. This makes the combination of identity management, authentication and encryption vital to combat against attacks on databases, file systems and sensitive applications. •

Features index

 



 

 
Search this Site:
Google Custom Search



Click here...