Twitter was hit with a malicious worm, the second worm attack the site experienced in over a week. It's no surprise, perhaps, that the rise of social networks have given cyber-criminals a whole new realm in which to wreak havoc. While many people have learned to not open suspicious-looking files, clicking on links via Facebook friends and Twitter followers seems to be yet another area in which a better understanding of security needs to be taught.Over the weekend,
The social element has always been one of the weakest links in security. In other words, no matter the technological protections, human behaviors can be terribly insecure, as an experiment at Defcon this summer demonstrated (every company participating in a security contest had one of their employees hand over security data). So arguably, this social piece - the encouragement and expectations that we all "share" - may create even more vulnerabilities as social networks grow.
But that social piece isn't the only challenge to network security. Here is a list of 5 more security trends that companies will face in coming months:
- The emphasis will be on protecting information, not just systems: As consumers and businesses alike move to store more and more of their important information online, the requirements for security will go beyond simply managing systems to protecting the data these systems house. Rather than focusing on developing processes for protecting the systems that house information, more granular control will be demanded - by users and by companies - to protect the data stored therein.
- Tackling myths about security and the cloud: One of the reasons consistently given for not moving to the cloud is fears about security. As cloud computing continues its adoption, both vendors and customers will have to better understand the questions to ask and the services to provide in order to maintain security.
- New platforms and new devices will create new opportunities for cybercriminals. Security threats have long been associated with personal computers running Windows. But the proliferation of new platforms and new devices - the iPhone, the iPad, Android, for example - will likely create new threats. The Android phone saw its first Trojan this summer, and reports continue with malicious apps and spyware, and not just on Android.
- Malware will appear on "reputable" sites. No longer is it simply "sketchy" website that are poised to infect users' computers, as sites like the New York Times find themselves hosting malware. As computer users have become more savvy about email scams, some scammers are starting to purchase advertising on reputable sites instead.
- "Old" threats still pose a risk. Although SQL-injections, cross-site-scripting, and vulnerabilities in various applications are not new, they continue to be one of the main entry points for attackers gaining access to networks and data.
The pressure will be on for companies to move quickly to respond to these vulnerabilities. Although new techniques are constantly being developed, many organizations still have much to do in order to secure themselves from older threats to their networks. And as always, the human element - the people who click on strange links, via Direct Message, via email, or via web advertising - will be the biggest hurdle for organizations to overcome.
Photo credits: Flickr user Scott Davidson