ISNow – Emerging Threats

The following introduction was originally published in the BCS Information Security Now Magazine, Winter 2007/2008 issue (Volume 2, Issue 2), which was on the topic of Emerging Threats:

“I’m sure we all have a perspective on what threats we expect to see come to the fore over the coming year(s). If we listen to the vendors, all manner of dooms await us around each corner and we should buy their latest technology to cure our ills. I too have a few ideas of what might cause us some pain in 2008…

Individuals

  • Not allowing policy, procedure, technology or common sense to get in the way of doing daft things (like exposing customers’ personal information)
  • Not understanding the value of personal information, and putting it online or leaving it lying around – for others to make use of
  • Continuing to click on attachments and links which expose them to increasingly effective malicious software

Virtualisation

  • Moving from a physical to logical architecture will complicate security and resilience if not properly considered and catered for in (re)design
  • Responding to incidents will need to recognise that logical systems can be collocated on shared hardware, or distributed (even internationally)
  • Legally admissible forensics will be hampered by the ephemeral nature of virtual machines, combined with jurisdictional problems if off-shored

Applications

  • Developing becomes more rapid, with less focus on a robust software development lifecycle methodology than on getting the latest beta online
  • Attackers will increase their focus on finding vulnerabilities in applications, rather than in systems and networks, which are now more security aware
  • Web 2.0, mash-ups and other haphazard application development will make interesting targets for those wishing to expose weak security

May I wish you a happy, safe and secure 2008.”

A PDF version of the magazine is available online at:

http://www.bcs.org/upload/pdf/isnow-winter08.pdf