IT security forecast 2010: Hope for the best and prepare for the worst
It's that time of year again. Time to recap the things which happened in the past year and give our predictions for what will happen in the future. Are you ready for prognostications of doom...and malware in our phones and our microwaves and cars? Or can we finally dispense with that tradition, once and for all?
There was a time where I was party to predicting a surge in malware on an ever-widening variety of platforms. It certainly made sense. We've seen viruses and trojans and exploits for every smartphone platform which has ever come and gone. There have been trojans for various gaming platforms (one for Nintendo, one for Sony's PlayStation) and we're finally seeing Mac malware with financial motive. So in a limited sense, some of those predictions were right.
However, in another sense, it doesn't really matter who's right or wrong, whether we're on track to a global cyber apocalypse. The cyber neighborhood you're in could be completely safe, but if someone determines your system to be an easy target, they can and will come after you alone.
Conversely, you could be in the middle of a cyber “felony flats”, and if your system is well protected, they will likely go on to another, easier target.
So here are my predictions for the next year:1. Social engineering will still be king of vulnerabilities. Malware authors will use the latest juicy news and gossip to frighten or titillate people into running their wares.
2. Malware authors will follow the money. If there is a platform that malware authors find lucrative, they will pursue it.
3. Hackers will seek notoriety. There is cash and cachet to be found in finding vulnerabilities in software and platforms outside the most popular areas of attack. Expect that there will be proof-of-concept malware and maybe even something found in the wild.
4. The best rules for security and risk assessment will still apply. Be smart about your passwords. Don't open email attachments you're not expecting. Downloading pirated software is a no-no. Malware authors and scam artists will try their darnedest to get in your face. This is all old hat. I'm sure you can recite it in your sleep.In short, the best course of action is to continue preparing for the worst and hoping for the best. If you've got more “worst” than is acceptable in your situation and you don't know why, invest in some risk assessment tools or services and find out where it is getting in. If you already know where it is getting in, perhaps this is the year to try something radically different to fix it. Maybe that's new technology, maybe that's a new policy.