Content

Changing facts of web crime must be faced

According to these speakers, most cyber-attackers currently making a ruckus range from organized crime to extortionists. And they're broadening their range of targets.

Many are taking advantage of vulnerabilities in home and small office computers. Since many large organizations have made strides in shoring up their corporate LANs, online criminals find the smaller guys easier and more useful victims.

Home users and small offices typically still have inadequate knowledge and resources to deal with the countless holes and threats. By taking this route, today's more savvy cyber-attackers are able to establish bot networks to launch multi-flank attacks on more profitable targets. As well as the expansion of bot networks, more cross-platform and application-layer vulnerabilities and malware will be a continuing problem.

Beyond these issues, the time between identifying a vulnerability and scripted/automated attack aiming at that hole will shrink to nearly zero days. Web browser vulnerabilities will lead to attacks as well, and incidents of identity theft will rise. Organizations will also need to buff up defenses against the more mundane and often overlooked area of physical security.

All these pressures will be compounded when dealing with wireless devices and endpoints outside the immediate perimeter of the corporate network. And, with more end-users relying on various personal devices to keep them connected, 2005 will see even greater melding of personal and professional lives that equates to a critical need to know who is connecting to the LAN.

Given this mess of exposures one might think a digital Pearl Harbor is just around the corner. But Walter Dykas, director of network security at the Oakridge Department of Energy facility, for example, is one of those who doesn't subscribe to that view.

"I believe it's [going to be] more of an infrastructure-crumbling sort of thing," he says. "The information technology cycle moves ahead, but leaves the infrastructure behind."

But this thinking might foretell of something worse – with increasing weakness and more threats, even the best of IT security professionals could have difficulty keeping up.

Well, maybe. With initiatives by groups such as ISSA, ISACA and ASIS International, I hope that the best IT security pros will get better, and the cybercriminals will crumble before our systems do.

Illena Armstrong is the U.S. editor

What do you think about how online crime is developing? Email [email protected]

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.