It's prediction season on the Internet, and today's dose of futurism comes from security firm Imperva. The company just released its Security Trends for 2011 paper. Among other things, Imperva predicts consolidation of the cyber-crime industry, convergence in international privacy and data security laws, and more state-sponsored cyber-attacks targeted at private industry.
Trend #10: Convergence of Data Security and Privacy Regulation Worldwide
Imperva cites cooperation between the FTC and the EU on data security laws and the recently announced White House subcommittee on privacy and security ("with the goal of fostering consensus in legislative, regulatory, and international Internet policy realms") as evidence of a trend towards standardized international security and privacy laws.
Trend #9: Cyber Security Becomes a Business Process
The report claims that "security is no longer a tactical technical activity, but is becoming a strategic business process." Imperva cites acquisitions of security companies by traditional tech companies like Intel and HP and the increased presence of security practices in companies' business objects as evidence. The report suggests that security professionals need to become business process experts.
Trend #8: Hackers Feeling the Heat
Imperva predicts smaller criminal operations will either be stamped out by international law enforcement, or acquired by larger organizations. "The current powerful cyber-crime organizations will consolidate their power and grow (after all, antitrust laws don't apply to them)," the report says. Cisco has previously commented on how similar cybercrime is to traditional business in its Mid-Year Security Report.
Trend #7: Mobile Devices Compromise Data Security
This one's pretty self-explanatory: Imperva expects to see data breaches caused by mobile devices in one way or another. Lost or stolen devices, trojans that target mobile devices, security breaches at carriers (like the AT&T iPad e-mail leak) and security flaws in mobile apps (like those found in Citi's app) are all possible causes. Those seeking advice on security in the post-PC era should check out our coverage of a Forrester report on the subject.
Trend #6: Data Security Goes to the Cloud
That other hot security topic, cloud security, is also addressed in the report. Imperva expects that good technical solutions to cloud application security will emerge in 2011, but that data security (protection for data stores in the cloud) will lag behind. We suggest readers check out our post 5 Resources for Migrating to the Cloud Securely.
Trend #5: File Security Takes Center Stage
Imperva predicts a rise in data breaches in the form of compromised files (such as Excel spreadsheets) rather than database records. This will lead to a greater demand for solutions to secure file repositories and file servers.
Trend #4: Misanthropes and Anti-socials: Privacy vs. Security in Social Networks
The report cites measures Facebook has taken recently to improve privacy on its site as evidence that social networks will continue to improve security and privacy options. It seems that the Google Buzz class-action lawsuit would further support this prediction.
Trend #3: Man in the Browser Attacks Will Man Up
Imperva suggests that "Man-in-the-Browser" attacks (also known as "proxy trojans") will increase and become more sophisticated in 2011. According to the report:
Most prominent Trojans, such as ZeuS, Gozi, URLZone, Sinowal, Limbo and SpyEye, all have MitB capabilities that allow them to selectively intercept requests and replies and manipulate them based on configuration files delivered from the C&C. Quite commonly, such malware injects additional fields into HTML forms and sends out the information from the to the attacker.
Trend #2: The Insider Threat - it's much much more, than you had imagined
The report cites a study Imperva conducted that found that insider data breaches are actually more common than external breaches. However, the report says, external breaches are more likely to be reported. Imperva suggests that as privacy regulation forces companies to disclose more breaches, the insider threat will become more apparent.
Trend #1: Advanced Persistent Threat (APT) Meets Industrialization
Imperva expects to see more state-sponsored cyber-attacks in 2011. As we just reported, the Stuxnet worm was most likely designed specifically to sabotage nuclear facilities. The report says "all fingers are pointing to government agencies as the Stuxnet driver" and notes that this is a departure from profit-driven cybercrime. The report cites the 2009 botnet-driven denial-of-service attack that hit the US and South Korea, but it was never proven conclusively that North Korea was behind the attack. Oddly, the report doesn't mention Operation Aurora, another likely case of government-backed cyber-espionage.