WebKnowHow Friday, January 19, 2007; 04:26 AM
Global security experts see a difficult year ahead for cybercrime
issues, according to a compendium of expert predictions released by
Risk Bloggers today. Among the key findings of the group, sophisticated
criminal organizations will increasingly exploit technology to stay
ahead of corporate and consumer defenses and cause unprecedented losses
in 2007. Among the key vulnerabilities cited were large groups of
zombie computers organized into Botnets, web server security holes and
uncontrolled mobile devices, such as smart phones and portable storage. According to Dave Cullinane, noted Chief Information Security Officer
and co-founder of the Alliance for Enterprise Security Risk Management,
"Attack methodologies will become dramatically more sophisticated and
dangerous. The risk of cyber-terrorism will continue to increase as
world tensions increase. Lack of preparation and plans to deal with the
consequences place countries and businesses at significant risk." These
attacks will often use Botnets, said Ira Winkler, noted security expert
and best selling author, "Botnets will create the largest losses and
potentially large scale Internet outages. Botnets enable spam, spim,
phishing attacks, distributed denial of service attacks, extortion,
etc. The attacks result in billions of dollars of thefts, millions of
dollars of extortion, and billions of dollars in productivity loss."
A related threat cited by the experts was the problem of web browser
security. Caleb Sima, Chief Technology Officer of Atlanta-based
security company SPI Dynamics, said the web tools used by software
developers are the key enabler for hackers and that in 2007, "The
security of the web application becomes the #1 concentration of
security teams". In addition, corporations are increasingly losing
control of their own networks according to Joel Scambray, noted author
and Chief Strategy Officer of Leviathan Security, "..applications and
data continue to perforate everything (inbound and out) and mobility
proliferates beyond anything we've yet imagined"
None of the experts interviewed expected significant government action
to address these issues in 2007. In addition, some experts felt that
businesses still lack a basic understanding of the importance of
information security and the Chief Information Security Officer (CISO).
CISO job security is tenuous according to Scambray, who said to "expect
more churn as exec management continues to struggle with how to
integrate security as a business imperative rather than a bolt-on."
From a business perspective, the information security industry may
break its multi-year drought of initial public offerings (IPOs). "It
has been several years since we have seen any security companies go
public. We will see 3+ security company IPOs on Nasdaq in 2007", said
Asheem Chandna, partner with leading venture capital firm Greylock
Partners, "The security sector will remain over funded, though we will
see a decline of new venture dollars into the security sector in 2007.
2007 will continue to be an active year for security M&A (mergers
and acquisitions)"
The full feature, entitled, "Ready or Not, Here Comes 2007", is available for viewing now at http://www.riskbloggers.com/jimreavis/2007/01/ready-or-not-here-comes-2007/ .
About Risk Bloggers
Risk Bloggers is an online aggregation of blogs from the top minds from
a variety of risk-based disciplines, including information security,
physical security, risk management, privacy, government and the legal
practice to contribute insightful blogs that will act as a strategic
change agent to influence the direction of technology, policy and best
practices within the industry. For more information, contact:
http://www.riskbloggers.com/
|