Enterprises will soon become the key drivers of the mobile phone security market, analysts believe.
Alan Goode, senior analyst at Juniper Research, said: "Corporate IT managers are getting very worried about the use of mobile devices on corporate networks, but the devices currently fall between the cracks, and nobody is certain who is responsible for them. IT managers want to take control, and this will prove a key driver in the mobile security market."
Numerous surveys indicate high penetration of smartphones in enterprise environments, but the handsets are often owned by individual workers, rather than the company, leading to a lack of coherent security policies.
Goode also pointed to big-name security vendors shifting their focus to the mobile space, as slowing sales in the PC market begin to bite.
He added: "In terms of threats, I think we may see some incidents in 2007, and they're likely to be spyware-orientated, rather than traditional virus-type attacks."
Late last year, researchers at McAfee found a commercial phone spying application, designed to log phone call details and SMS messages, distributed as part of a multi-dropper Trojan. The Symbian spyware was the first to be detected "in the wild".
Encryption may be about to become easier to implement, because an industry body is developing a standard for managing symmetric encryption keys.
Although enterprise demand for encryption is growing because of the impact of new regulations (PCI, HIPAA, etc), there is still no standard method of managing keys. Each vendor has its own proprietary scheme, and this can cause interoperability issues.
Industry body OASIS (Organisation for the Advancement of Structured Information Standards) has proposed a specification, essentially an API, called Symmetric Key Services Markup Language (SKSML). The theory is that this specification will allow key management across a variety of platforms. The details are to be thrashed out on 16 January by the newly formed OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee.
Cyber-terror could be a new and unwelcome feature of 2007, according to experts.
The US government issued a warning to private financial institutions in late December 2006, stating that Al Qaeda was planning to destroy their databases.
Although the concept of terrorists using the internet as a vector for attacks is not new, the increasingly business-critical nature of IP-based systems lends the idea more weight. Analysts have also pointed to the possibility of conventional attacks being perpetrated in parallel with cyber-attacks on emergency VoIP phone lines.
"Cyber-terror used to be a matter of fiction and scare stories," said Raimund Genes, anti-malware CTO at Trend Micro. "But it may become reality during next year."
The warning followed a call from a group called ANHIAR al-Dollar for Muslims to attack US financial firms.
Online bank fraud rocketed last year, with UK consumers seeing an 8,000 per cent increase in banking scams, according to a government watchdog.
The Financial Services Authority (FSA) told the House of Lords science and technology committee it was "very concerned" about the growth in phishing attacks.
Between January and June 2005, 312 incidents were recorded, but this leapt to 5,059 in the same period in 2006, according to figures from banking trade body APACS. In the first half of 2006, £23.2 million was stolen, the committee heard, with about £22.5 million stolen in the second half of the year.
Philip Robinson, the FSA's head of financial crime, said he thought online banking was generally safe, but raised concerns about banks' lack of transparency concerning online fraud.
VoIP security is set to become one of the top issues of the year, claim experts, as businesses and consumers are attracted by lower voice call charges.
However, as VoIP penetration increases, so VoIP security threats such as DDoS, voice spam, "vhishing" and fraud will become more prevalent.
Analysts point out that many business IP networks will have to be toughened significantly to cope with VoIP, where delays in packet routing would be disastrous, as opposed to current email and web applications, where minor speed fluctuations are less critical to users.
David Endler, author of VoIP Hacking Exposed and chair of the VoIP Security Alliance, said: "VoIP has unique and very strict networking requirements, and we'll begin to see genuine threats to business VoIP emerging in 2007. Vhishing will definitely be a key tactic, as users are not yet suspicious of phone calls in the same way they distrust email."
A new year, a new OS - consumers will finally be able to get their hands on Vista at the end of this month, but experts say the security benefits will be initially negligible.
Microsoft competitors Sophos and Kaspersky have made much of the fact that Vista's additional security features won't prevent viruses using a social engineering vector. These accounted for 40 per cent of the malware in circulation during December last year.
Threats such as Stratio-Zip, Netsky-D and MyDoom-O will be stopped by the email system built into Vista, Windows Mail Client, but not by third-party email clients, according to Sophos.