ISF details top ten future IT security threats

Other information security threats in the ISF's top ten threats list for 2011 - that it says will present challenges for IT security professionals over the next two years - are weaknesses in the IT infrastructure, tougher statutory environments, pressures on outsourcing plus offshoring and the erosion of the network boundary.

Also detailed in the list of IT security threats are mobile malware, web 2.0 vulnerabilities, espionage, insecure user-driven developments and changing cultures, together with a blurring of the boundaries between work and personal life.

Spokesperson Peter Rennison told Infosecurity that the Threat Horizon 2011 report draws on the knowledge and practical experiences of ISF members.

The members, he said, consist of around 300 of the world's largest business and public sector organisations including many of the Fortune 100 corporations.

According to Jason Creasey, meanwhile, the ISF's head of research, many of the information security threats predicted for 2011 will be familiar ones that are evolving - and will present new and sophisticated attacks to complement tried and tested techniques.

"It is also clear that the financial crisis is accelerating these changes, fuelled by increasing staff turnover and dissatisfaction, along with the increased involvement of organised criminal groups that see online crime as a lucrative and low risk alternative to other nefarious activities", he said.

Creasey said that the `crimeware as a service' business model offers services such as distributed denial of service attacks, botnet rental, malware creation and electronic money laundering.

And for the more exclusive, targeted IT attacks, he added, the criminal world is using techniques such as whaling - the targeting high net worth individuals - and attacks tailored to individual organisations.

The ISF, he went on to say, is already seeing a shift from indiscriminate events to highly targeted and planned IT attacks using a combination of social engineering and technical methods to steal identities and information for fraud.

What’s Hot on Infosecurity Magazine?