| You don't need a crystal ball to forecast
an increase in security threats. Even a cracked, clouded orb will show
a swirl of organized hackers, cyber theft and an expanded assortment of
devices under attack.
But in the doom and gloom there are beams of light, perhaps the sun flashing
off the swords of the good guys -- the solution providers dedicated to
protecting their clients from attacks from inside and out, from regulatory
noncompliance and devious, organized purveyors of malware, Trojan horses
and targeted cyber attacks.
One overarching theme is a more organized level of crime. After all,
the same people who smuggle heroin and arms often are behind some of the
larger or more invasive attacks on corporate or government sites. In this
organized criminal society, lower-level members are encouraged to offer
hacking services, botnet rentals and the auctioning off of harvested accounts,
said Dave Marcus, security research and communications manager at McAfee,
in a ChannelWeb article. Just as people often turn to live crime -- shoplifting
and robbery -- during recessions, the poor economy will spur some people
to become cyber criminals.
Malware, especially those targeting Web 2.0 applications, is becoming
more difficult to track due to its increasing diversity. And it only gets
worse, as malicious code writers add more variants around passwords, the
experts say. Malware is expected to explode through the new year, with
cyber criminals infusing legitimate Web sites with malicious Trojans.
"That creates a challenge for us," Zulfikar Ramzan, technical director
for Symantec Secure Technology and Response, told ChannelWeb. "There's
a lot more bad stuff than good stuff. It might lead to a shifting in the
way we do our job."
Phishers, too, are becoming even more sophisticated, banking on the fact
that people are scared during this economic downturn. It's becoming more
and more difficult to determine legitimate sites from phishing sites designed
to lure cash-strapped individuals to refinance their mortgage, extend
their credit line or improve their credit rating. And as banks close and
merge, some phishing schemes pretend to offer to transfer details between
old and new, experts said. "Phishing has become so well architected, it's
hard to distinguish, 'Is it my bank or is it not?' " said Anthony James,
vice president of products for Fortinet, in ChannelWeb's 10 Security Predictions
slide.
The Nigerian banking scheme will continue in its various iterations,
but will no longer be sent in a foreign language or filled with grammatical
errors and spelling mistakes. Instead, hackers will do more background
work and use customized malware to make their e-mails appear legitimate,
using the native language, correct punctuation and some personal details
to trap their online prey, according to Fortinet.
Social networking sites -- which increasingly are being adopted by corporate
America and celebrities -- also are attracting the bad guys. There will
also be a surge of spoof sites that play on users' intrinsic trust when
they see a missive sent by a purported 'friend.' Likewise, rabid gamers
around the globe will be under greater attack -- not from zombies, warriors
or hyper-aggressive avatars, but from cyber criminals that increasingly
are launching Trojans that steal passwords, allowing them to then hold
players' winnings hostage until the criminals receive real cash in exchange
for the players' online gaming winnings.
Of course, there's always the threat from within: Disgruntled employees
or former employees given the axe while retaining access to company computers.
Solution providers must ensure that clients have procedures and technologies
in place to prevent someone, angered by the lack of holiday bonuses, from
divulging company secrets or bringing down the network.
But there is good news in this mass of fear -- really! Realizing they
are not up to the task of adequately protecting their corporate data and
having successfully outsourced other aspects of their organizations, businesses
are moving to Security-as-a-Service to cut costs, improve safety and reduce
headcount. Managed service providers will find far less resistance to
Security-as-a-Service, especially in SMB companies looking to save money,
as well as some enterprises.
The government, too, is indirectly helping the channel -- on this issue
anyway -- with the pending compliance deadlines for Payment Card Industry
Data Security Standards, meaning companies must enhance their security
infrastructure or face penalties. Any business that accepts credit cards
must invest further in tools such as data loss prevention and encryption
solutions, as well as auditing and reporting tools and services, according
to experts.
Vendors are helping VARs and their clients by creating new lines of consolidated
solutions, reducing multiple point products to affordable, simple and
easily managed devices. Often these devices will feature security and
networking, storage or WAN optimization abilities, according to Fortinet.
This means new product sales and services for solution providers looking
to help clients manage their security. Ingram Micro provides a wide selection
of these technologies, as well as training and support for both sales
and technical sides of the business.
So when you peer into the future, know that while there truly are evil
cyber forces at work, there are equally intelligent, driven people and
businesses -- vendors, government security agencies, solution providers
and partners such as Ingram Micro -- that invest heavily in resources
to protect their clients, customers and colleagues.
|
