Some of the key challenges we are facing in 2009 focus on application security. Application security is a crucial layer in a multi-tiered cyber security strategy. Building security in at the beginning of development is an important factor in minimizing potential vulnerabilities. We’ve seen the results when vulnerabilities in web applications are exploited, leading to SQL injection attacks, cross-site scripting and other malicious activity.
Cyber criminals take advantage of commercial web sites that have poor security to add code to the web site without the knowledge of the web hosting company. That code may silently re-direct the user’s computer to another site which will download malware to the user’s computer, without the user’s knowledge; the attackers may also add a script to the site that will automatically execute on the user’s computer.
Another alarming trend continues to be the evolution of cyber crime, which has morphed from fairly innocuous web-site hacking and “graffiti” attacks to organized crime syndicates seeking profit. Cybercrime is now big business. Attackers now want your credit card and other financial information as well as your social security number. According to a recent study by McAfee, the global cost of cyber crime due to identity theft and data breaches is an estimated $1 trillion dollars. Many data thefts are orchestrated by organized crime, both in the U.S. and abroad.
The economic recession is another factor that may impact cyber security challenges. The risks due to insider threats are another major concern, and are expected to increase due to the economic downturn. Additionally, phishing scams and other social engineering attacks will increase, as attackers try to take advantage of bank closings, claims for “easy credit” or other online scams. Phishing attempts are no longer easily detected based on misspelled words in the email scam, or claims of large sums of money left to you in some foreign location, for example. The phishing scams are becoming more targeted and more “realistic” in appearance.
Holidays and major news events are still popular vehicles for compromising computers. Valentine’s Day is this month and email messages are already circulating that will infect a user’s computer when the message is clicked. Once the computer is infected, the malware will attempt to capture the user’s personal information and transmit it to the cyber criminals.