According to these speakers, most cyber-attackers currently making a ruckus range from organized crime to extortionists. And they're broadening their range of targets.
Many are taking advantage of vulnerabilities in home and small office computers. Since many large organizations have made strides in shoring up their corporate LANs, online criminals find the smaller guys easier and more useful victims.
Home users and small offices typically still have inadequate knowledge and resources to deal with the countless holes and threats. By taking this route, today's more savvy cyber-attackers are able to establish bot networks to launch multi-flank attacks on more profitable targets. Alongside the expansion of bot networks, more cross-platform and application-layer vulnerabilities and malware will be a continuing problem.
Beyond these issues, the time between the identification of a vulnerability and a scripted/automated attack aimed at that hole will shrink to nearly zero days. Web browser vulnerabilities will lead to attacks as well, and incidents of identity theft will rise. Organizations will also need to buff up defenses in the more mundane and often overlooked area of physical security.
All these pressures will be compounded when dealing with wireless devices and endpoints outside the immediate perimeter of the corporate network. And, with more end-users relying on various personal devices to keep them connected, 2005 will see even greater melding of personal and professional lives that equates to a critical need to know who is connecting to the LAN.
Given this mess of exposures, one might think a digital Pearl Harbor is just around the corner. But Walter Dykas, director of network security at the Oakridge Department of Energy facility, for example, is one of those who doesn't subscribe to that view.
"I believe it's [going to be] more of an infrastructure-crumbling sort of thing," he says. "The information technology cycle moves ahead, but leaves the infrastructure behind."
But this thinking might foretell something worse: with increasing weakness and more threats, even the best of IT security professionals could have difficulty keeping up.
Well, maybe. With initiatives by groups such as ISSA, ISACA and ASIS International, I hope that the best IT security pros will get better, and the cybercriminals will crumble before our systems do.
Illena Armstrong is the U.S. editor