Security trends for 2010

Nigel Hawthorn, VP EMEA marketing at application delivery network software vendor Blue Coat, predicts the top five security trends that resellers operating in the Middle East should prepare for in 2010.

Tags: BahrainBlue Coat Systems IncorporatedCloud computingKuwaitNigeriaSaudi ArabiaUnited Arab Emirates
  • E-Mail
Security trends for 2010 Nigel Hawthorn insists there will be a number of major threats that the security industry will have to wise up to over the next year.
By  Nigel Hawthorn Published  January 3, 2010 Channel Middle East Logo
Web threats on the rise

In just the first six months of 2009, new malware exceeded all malware detected in 2008. Phishing was also up 585% over the first six months of 2009, and more than 300 corporate brands were victimised. In 2010, that will continue unabated.

Business has moved to the web as companies increasingly adopt external, web-based applications and employees bring consumer applications into the enterprise.  Malware is following the money, and on the internet it has found a fertile environment.

Search engine poisoning

Search engine poisoning, where cybercriminals exploit search engine algorithms to position hacked sites higher in the results, is an easy way to drive users to malware, particularly of the variety that offers fake anti-virus scanners or fake warez (any type of software but most commonly pirated software, games, music or other applications).

In 2010, the ease with which results can be tainted through blogs will encourage more attacks.

Search engines are the access point to the internet for almost all users, and the faith put in not just the relevance but also the safety of the results produced by leading search engines provides easy pickings for cybercriminals.

Multiple relay attacks

Attacks that feature multiple relays (from search results to one or more hacked blog pages to the malware deliverable) will become more prolific and complex to subvert detection. These types of attacks expect users to come from a specifically defined path and will not execute if the user does not follow that path.

This “path-awareness” makes it very difficult for traditional anti-virus defences to detect. Multi-link attacks will become more complex as cybercriminals layer in additional relays to try and subvert detection.

Enterprise vulnerabilities

While careless users have traditionally been a security risk, web-based threats exploit human behaviour on a whole new level by tapping into the trust model that is at the foundation of how people use the internet. In networks like Twitter and Facebook, users build online relationships with people they know and invite into their circle.

Cybercriminals disrupt the trust that is inherent in these relationships through stolen log-ins that prey on the unsuspecting users. The combination of attacks that exploit the trust model and search engine poisoning that relies on users to click on the top search engine results without question will prove to be one of the biggest threats for enterprise security managers in 2010.

Cloud comes to the rescue

To effectively combat dynamic, web-based malware and attack methods, businesses will increasingly need a defence that can respond in real-time without updates. That is impossible to do with only an on-premise or client defence. Instead, cloud-based technologies will increasingly augment traditional defences so real-time inputs result in real-time outputs and protection for a large group of people versus a single person or business. With attacks that exist for as little as two hours, security needs to move rapidly.  And, in 2010, the first place it is going is to the cloud.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code