Welcome Guest. | Log In | Register | Membership Benefits

Tech Insight: Six Security Threats You Need To Know About

Security pros will have their hands full with revamped versions of current threats, while new ones also will bubble to the top

Jan 07, 2011 | 03:21 PM | 

By John Sawyer, Contributing Writer

Security professionals were inundated with new attacks -- and even some old ones were given new life -- in 2010. We saw Adobe Acrobat and Flash became the No. 1 target of malware and penetration testers as new zero-day vulnerabilities were discovered and left unpatched for weeks, even months in some organizations.

On top of the everyday problems that security pros face, there was a huge uptick in malware that seemed to be coming at us from all directions. According to a report from Panda Security, 2010 was responsible for more than one-third of all known malware.

Many of the attacks that were discovered, as well as those that resurfaced, are likely to be around for a while as we move into 2011. Whether they will be a concern for your organization is something best left to a proper risk assessment; some might not be applicable. For example, if your computers are not connected to the Internet and USB flash drives are not allowed, then it's highly unlikely malware looking to steal online banking credentials will be an issue.

Following is a list of issues security pros should expect to face this year. The material comes from my recent presentation at "Bad Guys, Governance, And Other Things That Keep You Awake At Night," an InformationWeek and Dark Reading event in Washington, D.C., and New York.

1. Governance
Governance is a threat to both the sanity and effectiveness of nearly every security professional. It can be a silent killer to the best-planned security program when C-level executives do not back up the security efforts because they don't understand where their data is and what needs to be done to secure it. Effective communication of business risks and how to reduce that risk without impacting the bottom line too much is key.

2. Malware
We all know that malware, in general, is a problem. Targeted malware, however, has been on the rise for a couple of years, and Stuxnet finally brought that reality home for many. Unfortunately, malware can infiltrate a network in many different ways; it requires diligence and understanding on the part of the security pro to fight it at every level and handle the politics of putting protections in place that limit what employees can do.

3. Social Networks
Social networks are a double-edged sword that allow security pros to stay up on the latest information through sites like Twitter, yet provide an avenue of easy attack to users who are willing to click on every link they receive. In addition to malware, there's the problem with accidental disclosure of important details, like we've seen with the military through Facebook and politicians using Twitter. Having a current and well-defined policy is key, but so is regular awareness to users on what issues social networks can pose to both themselves and their employer.

Next: The return of DLL hijacking.

1 |  2 |  Next Page » 



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



Vulnerability Management Reports

report Choosing the Right Vulnerability Scanner for Your Organization
Vulnerability scanners can be used to help detect and fix systemic problems in an organization's security program and monitor the effectiveness of security controls. However, a vulnerability scanner can improve the organization?s security posture only when it is used as part of a vulnerability management program, in which products, processes and people are working together to find, identify, prioritize and mitigate threats. Here are some tips on choosing and implementing vulnerability scanners in your enterprise.

report Using Google to Find Vulnerabilities In Your IT Environment
Attackers are increasingly using a simple method for finding flaws in websites and applications: they Google them. Using Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security. Sound scary? It is, but there is good news: You can use these same methods to find flaws before the bad guys do. In this special report, we outline methods for using search engines such as Google and Bing to identify vulnerabilities in your applications, systems and services--and to fix them before they can be exploited.

report Security Pro's Guide to Patch Management
It's no longer sufficient to patch just Windows, Office and IE. With the massive array of applications now residing on enterprise PCs, and the proliferation of mobile and cloud-based applications, your business is far too vulnerable to exploitation unless you have a solid strategy for patch prioritization, deployment and quality assurance. Follow these steps to put your plan in place.

Other reports from the Vulnerability Management Tech Center:




Featured Webcasts
Featured Whitepapers
Featured Reports