Company Says Malware, Malicious Insiders Top Information Security Threats For 2010

  • Jan 15, 2010

Perimeter E-Security recently unveiled its Top 10 information security Threats for 2010.

"The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they'll be facing in the coming year," said Kevin Prince, CTO of Perimeter E-Security. "As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information."
Perimeter's ranking of the Top 10 information security threats for 2010:

1. Malware (Rising Threat)
Last year, Malware was listed as the second highest ranked threat to organizations on Perimeter E-Security's list of top threats. There are many methods to install malware on systems, including the use of client-side software vulnerabilities. Browsers remain a top target for vulnerabilities. In 2009, the FBI reported that for the first time ever, revenue from cybercrime had exceeded drug trafficking, estimated at taking in more than one billion annually in profits.

2. Malicious Insiders (Rising Threat)
Malicious insiders were listed as the top threat for 2009, but have fallen to the  No. 2 spot for 2010. With the downturn in the economy last year, it was no surprise that many desperate and disgruntled employees attempted to exploit the companies they currently or previously worked for. There is no way to eliminate the threat of malicious insiders completely, but through good security policies and followed procedures, the incidents could be a fraction of what they are today. With the economy still suffering and still high unemployment levels, Malicious Insiders will continue to be a threat.

3. Exploited Vulnerabilities (Steady Threat)
Vulnerability exploit is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploit to infect, spread and perform the actions cyber criminals want. And yet, organizations are still not doing what they need to for patch management. Hackers are more often exploiting client side vulnerabilities and other vulnerabilities associated with 3rd party applications.

4. Careless Employees (Steady Threat)
Careless and untrained insiders will continue to be a very serious threat to organizations in 2010. Insiders can be broken down into three categories: careless & untrained employees, employees that are duped or fall prey to social engineering type attacks, and malicious employees. Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization's risk to careless insiders.

5. Mobile Devices (Rising Threat)
Mobile devices have become a plague for information security professionals. There are worms and other malware that specifically target these devices such as the iPhone worm that would steal banking data and enlist these devices in a botnet. Theft is still a major cause of data breaches as mobile devices, especially laptops, are the main culprits. Tens of thousands of laptops are stolen each year and often these have sensitive data that require public disclosure as a data breach.

6. Social Networking (Rising Threat)
Social networking sites such as Facebook, MySpace, Twitter and others have changed the way people communicate with each other, but these sites can pose serious threats to organizations. One main problem is that there is a trust component to these sites which makes them fertile ground for identity thieves. There is also a personal safety issue. Social networking sites are a stalker's dream come true. Social networking sites are breeding grounds for SPAM, scams, scareware and a host of other attacks and these threats will continue to rise.

7. Social Engineering (Steady Threat)
Social engineering is always a popular tool used by cyber criminals and phishing is still a popular method for doing just that. In fact, these new venues make social engineering even more effective. This year will have an added measure of complexity when it comes to social engineering attacks. Beginning sometime mid-2010, domain names will be expanded to include Japanese, Arabic, Hindi and even Greek characters, and with all of these characters being available for domain names, no longer will looking at a domain help one determine if it's legitimate or not.

8. Zero-Day Exploits (Rising Threat)
Zero-day exploits are when an attacker can compromise a system based on a known vulnerability but no patch or fix exists, and they have become a very serious threat to information security. Zero-day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS. The zero-day vulnerability could also be in providers.

9. Cloud Computing Security Threats (Rising Threat)
Using cloud based (i.e. Internet based) applications may not be as secure as once thought with many stories in 2009 regarding cloud based security issues. Many are calling for forced encryption to access "in the cloud" services. As cloud computing grows in popularity over the next few years, cloud security will become a very big issue.

10. Cyberespionage (Rising Threat)
Cyberespionage is a threat that's being heard more and more all the time and there have been a flood of stories in 2009 on this subject. Most of these incidents surround government bodies and agencies and therefore have not been a huge threat to most individual organizations. However, since cyberespionage has major implications for the government, it is a rising threat that must be closely monitored.

"Information security is an ever-evolving discipline that requires tremendous expertise, time, and money to effectively manage. Every organization should take stock of what they are doing today and how well their current solutions mitigate the risk of the top 10 threats. In most cases, adjustments will need to be made and new technology should be implemented to ensure that the organization is properly prepared for what cyber criminals, spammers, phishers and hackers are planning for 2010," Prince said.

Featured

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

  • Integration Imagination: The Future of Connected Operations

    Security teams that collaborate cross-functionally and apply imagination and creativity to envision and design their ideal integrated ecosystem will have the biggest upside to corporate security and operational benefits. Read Now

  • Smarter Access Starts with Flexibility

    Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

  • Trends Keeping an Eye on Business Decisions

    Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

  • The Future is Happening Outside the Cloud

    For years, the cloud has captivated the physical security industry. And for good reason. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. But as the number of cameras grows and resolutions push from HD to 4K and beyond, the cloud’s limits are becoming unavoidable. Bandwidth bottlenecks. Latency lags. Rising storage costs. These are not abstract concerns. Read Now

Most   Popular

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.