Cybercrime attacks, IT outsourcing, mobile malware top ISF threat list

Ron Condon, U.K. Bureau Chief
Falling budgets, rising cybercrime attacks, strong compliance regulations and mobile users will all make life difficult for information security professionals over the next couple of years.

Those are the main conclusions in a new report from the Information Security Forum, an independent group harnessing expertise from a pool of companies, including some Fortune 100 businesses. The forum asked 200 of its corporate members, all major organisations, to list what they thought would be the biggest threats facing them in 2011.

The top five threats (see sidebar) range from the increased threat of Internet attacks from organised crime groups, to the loss of control resulting from outsourcing and cloud computing.

ISF's Top Five Threats

Criminal attacks
* Crimeware as a service
* Disgruntled employees
* Infiltration of organisations

Weakness in infrastructure
* Reduced investment
* Increased complexity and integration
* Increase in zero-day attacks
* Reliance on third parties for upgrades

Tougher regulation
* Increased emphasis on privacy
* Incompatible laws
* Harsher punishment for non-compliance

Offshoring/outsourcing
* Drive to outsource more business operations and security
* Hard to meet compliance requirements
* Instability of providers

Eroding network boundaries
* Adoption of cloud computing
* Proliferation of connections
* Bypass of defences by new malware

Nick Frost, senior research consultant at the ISF, said the rise of cybercrime attacks is a particular worry. "The criminals are taking a very professional approach, and because they work as very loosely connected groups in different jurisdictions, it is very difficult to prosecute them," he said. He added that there was good evidence to show that some foreign students at U.K. universities had been sponsored by cybercriminal gangs, and had then gone on to work at U.K. organisations.

The recession is also pushing companies to increase the amount of offshoring and outsourcing they do, and Frost said this was often done with little regard for security. "Outsourcing is quite mature now, and companies are looking to outsource more critical business processes. But information security is often only considered at the last moment when these decisions are made," he said.

ISF members also noted a tendency for user-developed applications and files, such as Excel spreadsheets, to be implemented without consulting security people. "They don't really want it to go on security's radar for fear they will try to delay it," Frost said. He added that even with quite large application developments, security would often be brought in near the implementation stage to "try to bolt on some security controls."

ISF members also predicted that mobile malware will become more prevalent as more applications go on to smartphones and the devices' processing power and storage capacity increase.

Respondents also noted their struggles with an increasing number of regulatory requirements, as well as with an IT infrastructure that is becoming more and more integrated and reliant on third parties.

William Beer, director of assurance at PricewaterhouseCoopers (PwC), said many of the mentioned threats could be turned into an advantage, but security people need to adopt the language of business to get their voices heard. "There is an opportunity to get across our key messages. For instance, Sarbanes-Oxley was once viewed as a big cost, but it is now seen as having reduced costs and improved the way companies operate," he said. "If by increasing security, we can leverage confidence and trust during a recession, then we can turn a negative into a positive."