2011 will likely be remembered as one of the most infamous periods in IT history from a security standpoint. From attacks by Lulzsec and Anonymous to questions about mobile device security, 2011 had plenty of ulcer-inducing security episodes. The new year will likely have its own share of security headaches, and Symantec Senior Intelligence Analyst Paul Wood recently posted his take on what IT professionals may be losing sleep over in 2012.
First on Wood's list is the continuing threat from advanced persistent threats (APTs) that target business and government infrastructure. Wood points out that many companies aren't paying attention to critical infrastructure prevention (CIP) programs developed by state and federal governments:
"A recent Symantec Critical Infrastructure Protection (CIP) Survey found that companies are generally less engaged in their government’s CIP programs this year when compared to last. In fact, only 37 percent of companies are completely or significantly engaged in such programs this year, versus 56 percent in 2010."
We've written a lot about mobile security issues in 2011, ranging from multiple cases of malware targeting Android devices to controversy around Carrier IQ, a company that develops programs that track subscriber data for wireless carriers. Woods quotes a Gartner report that indicates more that 461 million smartphones will be sold by the end of 2011, surpassing PC sales for the first time in history.
The growth of cybercrime is another security trend to be wary of for 2012, with large criminal organizations developing tactics and strategies to separate businesses from their most important data. Woods sees that trend continuing in 2012:
"Cybercrime’s spread from the criminal underground to the business mainstream was highlighted by a surge in targeted attacks. Symantec’s November Intelligence Report shows that targeted attacks are becoming more prevalent in 2011. Large enterprises, with more than 2,500 employees, received the greatest number of attacks, with 36.7 targeted attacks being blocked each day during 2011."
The last security trend Woods pointed to was the need for improved SSL security, pointing to instances where forged SSL certificates where used by cybercriminals to carry out additional attacks. "All this has caused enterprise and consumer customers alike to begin demanding better SSL security, which started pushing CAs and website owners to further implement protections against social engineering, malware and malvertising," Woods writes. "The popularity of mobile device use and the proliferation of cloud services within the enterprise further exacerbated potential vulnerabilities and showed the increased need for reliable, strong authentication."
I'd add a few more security trends of my own to the list put together by Woods, including growing concerns about how cybercriminals are increasingly leveraging social media to obtain personal information from users. The increasing use of social media in the workplace by IT workers is also becoming a serious issue, and will undoubtedly be on the minds of many IT pros and CISOs next year.
So what security concerns will be keeping you up at night in 2012? Feel free to add a comment to this blog post or contribute to the discussion on Twitter.