Company Says Malware, Malicious Insiders Top Information Security Threats For 2010

  • Jan 15, 2010

Perimeter E-Security recently unveiled its Top 10 information security Threats for 2010.

"The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they'll be facing in the coming year," said Kevin Prince, CTO of Perimeter E-Security. "As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information."
Perimeter's ranking of the Top 10 information security threats for 2010:

1. Malware (Rising Threat)
Last year, Malware was listed as the second highest ranked threat to organizations on Perimeter E-Security's list of top threats. There are many methods to install malware on systems, including the use of client-side software vulnerabilities. Browsers remain a top target for vulnerabilities. In 2009, the FBI reported that for the first time ever, revenue from cybercrime had exceeded drug trafficking, estimated at taking in more than one billion annually in profits.

2. Malicious Insiders (Rising Threat)
Malicious insiders were listed as the top threat for 2009, but have fallen to the  No. 2 spot for 2010. With the downturn in the economy last year, it was no surprise that many desperate and disgruntled employees attempted to exploit the companies they currently or previously worked for. There is no way to eliminate the threat of malicious insiders completely, but through good security policies and followed procedures, the incidents could be a fraction of what they are today. With the economy still suffering and still high unemployment levels, Malicious Insiders will continue to be a threat.

3. Exploited Vulnerabilities (Steady Threat)
Vulnerability exploit is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploit to infect, spread and perform the actions cyber criminals want. And yet, organizations are still not doing what they need to for patch management. Hackers are more often exploiting client side vulnerabilities and other vulnerabilities associated with 3rd party applications.

4. Careless Employees (Steady Threat)
Careless and untrained insiders will continue to be a very serious threat to organizations in 2010. Insiders can be broken down into three categories: careless & untrained employees, employees that are duped or fall prey to social engineering type attacks, and malicious employees. Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization's risk to careless insiders.

5. Mobile Devices (Rising Threat)
Mobile devices have become a plague for information security professionals. There are worms and other malware that specifically target these devices such as the iPhone worm that would steal banking data and enlist these devices in a botnet. Theft is still a major cause of data breaches as mobile devices, especially laptops, are the main culprits. Tens of thousands of laptops are stolen each year and often these have sensitive data that require public disclosure as a data breach.

6. Social Networking (Rising Threat)
Social networking sites such as Facebook, MySpace, Twitter and others have changed the way people communicate with each other, but these sites can pose serious threats to organizations. One main problem is that there is a trust component to these sites which makes them fertile ground for identity thieves. There is also a personal safety issue. Social networking sites are a stalker's dream come true. Social networking sites are breeding grounds for SPAM, scams, scareware and a host of other attacks and these threats will continue to rise.

7. Social Engineering (Steady Threat)
Social engineering is always a popular tool used by cyber criminals and phishing is still a popular method for doing just that. In fact, these new venues make social engineering even more effective. This year will have an added measure of complexity when it comes to social engineering attacks. Beginning sometime mid-2010, domain names will be expanded to include Japanese, Arabic, Hindi and even Greek characters, and with all of these characters being available for domain names, no longer will looking at a domain help one determine if it's legitimate or not.

8. Zero-Day Exploits (Rising Threat)
Zero-day exploits are when an attacker can compromise a system based on a known vulnerability but no patch or fix exists, and they have become a very serious threat to information security. Zero-day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS. The zero-day vulnerability could also be in providers.

9. Cloud Computing Security Threats (Rising Threat)
Using cloud based (i.e. Internet based) applications may not be as secure as once thought with many stories in 2009 regarding cloud based security issues. Many are calling for forced encryption to access "in the cloud" services. As cloud computing grows in popularity over the next few years, cloud security will become a very big issue.

10. Cyberespionage (Rising Threat)
Cyberespionage is a threat that's being heard more and more all the time and there have been a flood of stories in 2009 on this subject. Most of these incidents surround government bodies and agencies and therefore have not been a huge threat to most individual organizations. However, since cyberespionage has major implications for the government, it is a rising threat that must be closely monitored.

"Information security is an ever-evolving discipline that requires tremendous expertise, time, and money to effectively manage. Every organization should take stock of what they are doing today and how well their current solutions mitigate the risk of the top 10 threats. In most cases, adjustments will need to be made and new technology should be implemented to ensure that the organization is properly prepared for what cyber criminals, spammers, phishers and hackers are planning for 2010," Prince said.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX

  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
Most   Popular

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities