Skip to main content

More Malicious Attacks on the Threat Horizon warns ISF

The Information Security Forum (ISF) is warning of an increase in malicious threats including attacks from organised crime and industrial espionage, along with a rise in mobile malware and Web 2.0 vulnerabilities.

These are just some of the predictions that will heighten information security challenges over the next few years, highlighted in an ISF report entitled Threat Horizon 2010.

The report draws on the knowledge and practical experiences of ISF Members, comprising some 300 of the world's largest business and public sector organisations.

The ISF is already seeing a shift from indiscriminate events to highly targeted and planned attacks by organised crime groups that are developing more sophisticated 'business' models for extorting the e-economy and money laundering.

A combination of social engineering and technical attacks are increasingly being used to steal identities and information in order to commit fraud.

"Criminal groups now see online crime as a lucrative and low risk alternative to robbing a bank," says Andy Jones, a Senior Research Consultant at the ISF and the report's author. "And with the problems of protecting large volumes of sensitive information held in organisations electronically, businesses are also under the increasing threat from targeted espionage and the loss of competitive advantage or intellectual property."

The ISF also warns of the proliferation of malware aimed at mobile devices, which do not have the same anti-virus or security controls as traditional networks and PCs. The growing trend of mobile and remote working will inevitably attract new forms of mobile malware designed, for example, to create fraudulent payments or denial of service attacks.

"The mobile internet is still in its relative infancy and it is important that consumers do not lose confidence in mobile transactions," says Jones. "Companies will also face new challenges to manage and secure their corporate mobile devices to prevent employees from leaking information, either voluntarily or involuntarily."

A third area of growing risk according to the ISF is the rise of social networking sites such as Facebook and Bebo that have become a popular part of office culture.

In addition to providing another channel for the accidental leakage of corporate information, the ISF believes that cyber criminals will adapt new methods of attack to target the vulnerabilities of social networking sites.

Virtual worlds such as Second Life may also present new risks if brand damage in the virtual world translates back into the real world.

Other threats on the horizon according to the ISF include the weakening of infrastructures due to power cuts and internet failures; tougher legislation and compliance burdens; increased outsourcing and off-shoring operations; insecure coding that is vulnerable to attack; and erosion of the traditional network boundary that leaves data at greater risk.

And finally, the ISF report highlights the risk presented by a new techno-generation corporate culture driven by a younger, more technologically aware workforce. While more technically adept, these new employees must also be made fully aware of information risks and the need for tighter controls that may restrict their IT freedom.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.