

10 Security Predictions for 2011 from Imperva

It’s prediction season on the Internet, and today’s dose of futurism comes from security firm Imperva. The company just released its Security Trends for 2011 paper. Among other things, Imperva predicts consolidation of the cyber-crime industry, convergence in international privacy and data security laws, and more state-sponsored cyber-attacks targeted at private industry.


Trend #10: Convergence of Data Security and Privacy Regulation Worldwide

Imperva cites cooperation between the FTC and the EU on data security laws and the recently announced White House subcommittee on privacy and security (“with the goal of fostering consensus in legislative, regulatory, and international Internet policy realms”) as evidence of a trend towards standardized international security and privacy laws.

Trend #9: Cyber Security Becomes a Business Process

The report claims that “security is no longer a tactical technical activity, but is becoming a strategic business process.” Imperva cites acquisitions of security companies by traditional tech companies like Intel and HP and the increased presence of security practices in companies’ business objects as evidence. The report suggests that security professionals need to become business process experts.

Trend #8: Hackers Feeling the Heat

Imperva predicts smaller criminal operations will either be stamped out by international law enforcement, or acquired by larger organizations. “The current powerful cyber-crime organizations will consolidate their power and grow (after all, antitrust laws don’t apply to them),” the report says. Cisco has previously commented on how similar cybercrime is to traditional business in its Mid-Year Security Report.

Trend #7: Mobile Devices Compromise Data Security

This one’s pretty self-explanatory: Imperva expects to see data breaches caused by mobile devices in one way or another. Lost or stolen devices, trojans that target mobile devices, security breaches at carriers (like the AT&T iPad e-mail leak) and security flaws in mobile apps (like those found in Citi’s app) are all possible causes. Those seeking advice on security in the post-PC era should check out our coverage of a Forrester report on the subject.

Trend #6: Data Security Goes to the Cloud

That other hot security topic, cloud security, is also addressed in the report. Imperva expects that good technical solutions to cloud application security will emerge in 2011, but that data security (protection for data stores in the cloud) will lag behind. We suggest readers check out our post 5 Resources for Migrating to the Cloud Securely.

Trend #5: File Security Takes Center Stage

Imperva predicts a rise in data breaches in the form of compromised files (such as Excel spreadsheets) rather than database records. This will lead to a greater demand for solutions to secure file repositories and file servers.

Trend #4: Misanthropes and Anti-socials: Privacy vs. Security in Social Networks

The report cites measures Facebook has taken recently to improve privacy on its site as evidence that social networks will continue to improve security and privacy options. It seems that the Google Buzz class-action lawsuit would further support this prediction.

Trend #3: Man in the Browser Attacks Will Man Up

Imperva suggests that “Man-in-the-Browser” attacks (also known as “proxy trojans”) will increase and become more sophisticated in 2011. According to the report:

Most prominent Trojans, such as ZeuS, Gozi, URLZone, Sinowal, Limbo and SpyEye, all have MitB capabilities that allow them to selectively intercept requests and replies and manipulate them based on configuration files delivered from the C&C. Quite commonly, such malware injects additional fields into HTML forms and sends out the information from the to the attacker.
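One server-side check for the form-field injection described in the quote above, as an added example that is not from the Imperva report or this post: the server signs the set of field names it rendered and flags submissions whose field set differs. The function names, the session id and the sample fields are assumptions constructed for illustration.

```javascript
const crypto = require("crypto");

// Constructed demo key (assumption); a real service loads this from a secret store.
const KEY = Buffer.from("constructed-demo-key-not-for-production");

// Sign the exact set of field names the server rendered, bound to one session.
function signManifest(sessionId, fieldNames) {
  const fields = [...fieldNames].sort();
  const mac = crypto.createHmac("sha256", KEY)
    .update(sessionId + "\n" + fields.join("\n"))
    .digest("hex");
  return { fields, mac };
}

// Compare a submitted body against the manifest that was issued with the form.
function checkSubmission(sessionId, manifest, body) {
  // Recompute the MAC so a manifest edited in the browser is rejected.
  const expected = Buffer.from(signManifest(sessionId, manifest.fields).mac, "hex");
  const presented = Buffer.from(String(manifest.mac), "hex");
  if (expected.length !== presented.length ||
      !crypto.timingSafeEqual(expected, presented)) {
    return { ok: false, reason: "manifest-tampered", extra: [], missing: [] };
  }
  const allowed = new Set(manifest.fields);
  const submitted = Object.keys(body);
  // Fields the server never rendered: the signature of in-browser injection.
  const extra = submitted.filter((name) => !allowed.has(name));
  const missing = manifest.fields.filter((name) => !submitted.includes(name));
  const ok = extra.length === 0 && missing.length === 0;
  return { ok, reason: ok ? "match" : "field-set-mismatch", extra, missing };
}

// Constructed sample: a login form rendered with two fields.
const manifest = signManifest("sess-1", ["username", "password"]);
const clean = { username: "alice", password: "constructed" };
const injected = { ...clean, atm_pin: "0000" }; // extra field added in the browser

console.log(checkSubmission("sess-1", manifest, clean));
console.log(checkSubmission("sess-1", manifest, injected));
```

This only catches injected fields that reach the server; a trojan that sends the captured values straight to its own collector and strips them before submission has to be detected on the endpoint or in the page itself.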

Trend #2: The Insider Threat – it’s much much more, than you had imagined

The report cites a study Imperva conducted that found that insider data breaches are actually more common than external breaches. However, the report says, external breaches are more likely to be reported. Imperva suggests that as privacy regulation forces companies to disclose more breaches, the insider threat will become more apparent.

Trend #1: Advanced Persistent Threat (APT) Meets Industrialization

Imperva expects to see more state-sponsored cyber-attacks in 2011. As we just reported, the Stuxnet worm was most likely designed specifically to sabotage nuclear facilities. The report says “all fingers are pointing to government agencies as the Stuxnet driver” and notes that this is a departure from profit-driven cybercrime. The report cites the 2009 botnet-driven denial-of-service attack that hit the US and South Korea, but it was never proven conclusively that North Korea was behind the attack. Oddly, the report doesn’t mention Operation Aurora, another likely case of government-backed cyber-espionage.



Posted in General, Technology, Web.
