Stonesoft’s 2012 IT Security Predictions
December 2011 by Stonesoft
As 2011 draws to a close, it’s time for Ash Patel, Stonesoft’s country manager for UK and Ireland, to gaze into his crystal ball and predict on what 2012 might have set in store for us:
Shocking security incidents in 2011?
None of the security incidents in 2011 were technically shocking. However, what was surprising was the fact that, at last organisations are actually publically admitting that there is a problem/breach. However, I still feel we are only at the tip of the iceberg, in terms of how many breaches occur, and as such, are only hearing about a small fraction of these breaches.
What will be new in 2012?
In 2012, I believe that we will hear a lot more about APTs and advanced malware. Using the term “APT” alone, gives little or no information as to what the problem is/was and I believe further details will be given on these types of attacks. Both the media and vendors will begin to communicate more information about the actual type of hacking method, such as AETs (another topic which I am sure we will hear lots more about in 2012). I also feel that DDoS attacks will continue to be a major problem. Furthermore, I feel we will hear a lot more about “state on state” hacking.
Hackers to become even more sophisticated
Without a doubt hackers will continue to become more sophisticated and many will become more elusive and thus difficult to capture. What really concerns me is not what we hear about but what we do not hear about; my concerns are the intellectual property and government information that may be leaking without our knowledge to rouge states and organisations.
Police to tackle cybercrime
Police are taking cybercrime, specifically the topic of hacking, more seriously. In 2012, I hope that we will see more criminal prosecutions. However, what we won’t see are the key prosecutions until we have full cooperation from the rogue states that help harbour the key hacking syndicates.
The ‘big’ issue of 2012
I wouldn’t pick any particular virus or malware to be a ‘big’ problem for 2012. However, the delivery techniques, such as AETs, will pose a big threat. Until organisations patch correctly and update AV technologies regularly, I feel that not only will we have to worry about the new zero-day viruses but also old viruses such as Conflicker etc. It is imperative organisations take a “belt and braces” approach with antivirus, using good patch management, but also IPS technologies to catch what they can’t patch against.