by Constantine von Hoffman

Top 10 List of the Top 10 Internet Security Prediction Lists

Dec 10, 20114 mins
CybercrimeData and Information SecurityData Breach

If the experts are right expect more advanced persistent threats, ransomware, social media ID theft, and requirements for IT security certification.

Here it is, so you don’t have to enter the search term yourself: Top 10 list of all the internet security prediction lists (as ranked by Google) and — for no extra charge — their #1 prediction:

1.       SANS Technology Institute: Security Grows Up – A Niche Industry No Longer – I see the most dramatic change yet coming to the IT security industry. That is the entry of the big boys. Up until now IT security has frankly been a niche industry. No one segment has gone much over $5 billion in total spending. (The market for yogurt in the US is larger than the entire firewall industry.) By the Big Boys I mean the defense industry.

2.       Stephen Northcutt of SANS: TEOTWAWKI (The End Of The World As We Know IT) — Today, if you want to call yourself security professional you have the freedom to do so, even if much of what you know is wrong. In the future, we will have to prove we are security professionals with credentials, possibly even a license. Now, folks that know me will be quick to point out that I have been saying this for some time. True, but that does not mean the gears are not turning. If you are familiar with the DoD instruction 8570, then you know that for DoD IT employees TEOTWAWKI has already happened; they have to have a certification.

3.       Fortinet: Ransomware to Take Mobile Devices Hostage – Over the past few years, FortiGuard Labs has witnessed the evolution and success of “ransomware” (an infection that holds a device “hostage” until a “ransom” payment is delivered) on the PC. Mobile malware that utilize exploits have also been observed, along with social engineering tricks that lead to root access on the infected device. With root access comes more control and elevated privileges, suitable for the likes of ransomware. FortiGuard predicts the team will see the first instances of ransomware on a mobile device in the coming year.

4.       Websense: Your Social Media Identity May Prove More Valuable To Cybercriminals Than Your Credit Cards – Bad guys will actively buy and sell social media credentials in online forums.

5.       M86 SecurityTargeted Attacks Grow More Damaging and Complex  –The past two years have marked a breakthrough in incidents of targeted attacks that were made public. This is most likely due to hacktivist groups such as Anonymous and LulzSec as well as the rise of Advanced Persistent Threats (APTs) being  used against commercial organizations. In the past year we’ve seen these kinds of attacks go to the next level, as large, global organizations and government agencies were attacked for commercial, political or military reasons.

6.       Tangled Web: Advanced persistent threats (APTs) will become more predominant – The explosion of APTs, also known as targeted attacks, against high-profile companies and government agencies in 2011 will become even more predominant in 2012. Organizations that come under fire from APTs will be at heightened risk, suffering tremendous credibility and financial loss.

7.       Wombat Security: A variety of popular mobile devices will flood the enterprise, forcing IT departments to make users more accountable for their devices – The increase and diversity of consumer devices such as smart phones, tablets and other mobile devices in the enterprise will absolutely cause a plethora of security woes for IT departments and security professionals

8.       Imperva: Security trumps compliance – In the past, security decisions were usually driven by compliance. However, in 2012 we expect to see security decisions driven by security. The past influx of laws and regulations, which drove the budget and security solutions such as PCI or SOX, were used to feed the security budget. With the cost of a breach rising, industrialized hacking impacting many organizations and the need to protect of intellectual property, we expect to see more companies making cyber security decisions based on security.

9.       Tufin: Firewall operations – Next generation firewalls will continue their strong adoption by mid- to large-size organizations. As a result of this trend, I see the operations management challenges of multi-vendor firewall environments as calling for increasing levels of automation of daily change management tasks.

10.   Lumension: More Malware – From a vulnerability perspective we will see more of the same.  In fact, McAfee’s Q3 report forecasts 75 million malware samples in 2011. IT continues to focus on primary applications and they don’t patch third party applications or browser add-ons. It is no wonder this remains our primary threat vector. While many APT incidents to-date have relied upon unsophisticated attack tools, there is a clear advantage for our foes in the use of DLL Injection malware. Expect its use to grow in 2012. Our ability to respond with traditional incident response techniques also leaves us exposed as the malware never touches the hard drive.