Top 9 Cyber Security Trends For 2012

Security

This blog post offers predictions for the top cyber security trends for 2012. The analysis is designed to help companies shield themselves from the threat of hackers and insiders. Hacking, by nature, is a discipline that relies on innovation. Knowing future, potential threats helps security teams fight against the bad guys.

Trend #9: SSL gets hit in the crossfire

Currently, attackers are exploiting vulnerabilities in the various implementations of the SSL protocol. Furthermore, we are seeing a rise in attacks which target the worldwide infrastructure that supports SSL. We expect these attacks to reach a tipping point in 2012 which, in turn, will invoke a serious discussion about real alternatives for secure web communications.

Trend #8: HTML 5 goes live

Over the last few years, vulnerabilities in browsers’ add-ons (third party components such as adobe’s Flash Player or Oracle’s Java) were the significant cause of “zero-day” exploits. We predict that in 2012 hackers will shift their focus to exploiting vulnerabilities in the browsers themselves in order to install malware. The reason is due to recently added browser functionality – mainly driven by the adoption of HTML 5 standard. The HTML 5 standard was created to enable browsers to support a richer end user experience in a standardized way. While the new features are attractive to web developers, they are also very beneficial for hackers.

Trend #7: DDoS moves up the stack

Distributed Denial of Service (DDoS) attacks are gaining popularity and were part of high profile hacking campaigns in 2011, such as the Anonymous attacks. We predict that in 2012 attackers will increase the sophistication and effectiveness of DDoS attacks by shifting from network level attacks to application level attacks, and even business logic level attacks. Indications for this trend are already emerging. For example, the #RefRef tool, introduced in September 2011, exploits SQL injection vulnerabilities used to perform DoS attacks.

Trend #6: Internal collaboration meets its evil twin

Internal collaboration suites (such as Microsoft Sharepoint and Jive) are being deployed in “evil twin” mode, i.e., these suites are used externally. As a result, we believe organizations will look for tools to protect and control access to such platforms.

Trend #5: NoSQL = No Security?

The IT world is quickly embracing NoSQL under the buzzword Big Data. These huge data stores are the next big step in analyzing the massive amounts of data that is being collected in order to identify trends. We predict that the inadequate security mechanisms of these systems will inhibit enterprises from fully integrating these systems as third party components within the enterprise.

Trend #4: The kimono comes off of consumerized IT

After being caught off guard by the consumerization of IT, professionals are trying to regain control of corporate data. We believe that they are doing it the wrong way. Instead of trying to control data at the source, IT organizations try to regulate the usage of end-user devices and de-cloud data access. We expect organizations to spend a lot of time, money and effort on these techniques and technologies next year, with very poor results.

Trend #3: Anti-social media

As many more organizations are making their way into the social media space, we expect to see a growing impact to the integrity and confidentiality of the enterprise’s information. Moreover, we expect hackers will continue to automate social media attacks, exacerbating the problem.

Trend #2: The Rise of the middle man

With the increased supply and demand for compromised machines, as well as for sensitive corporate information, we predict the rise of the cyber broker. This individual matches the buyers of stolen data or compromised machines (aka “bots”) with the sellers of the data (or bot renters). In the same way stocks and investors gave rise to stock markets, hackers need a middleman.

Trend #1: Security trumps compliance

In the past, security decisions were usually driven by compliance. However, in 2012 we expect to see security decisions driven by security. The past influx of laws and regulations, which drove the budget and security solutions such as PCI or SOX, were used to feed the security budget. With the cost of a breach rising, industrialized hacking impacting many organizations and the need to protect of intellectual property, we expect to see more companies making cyber security decisions based on security.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Amichai Shulman is Co-Founder and CTO of Imperva, where he heads Imperva's internationally recognised research organisation focused on security and compliance. Prior to Imperva, Amichai was founder and CTO of Edvice Security Services, a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Amichai served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Masters Degrees in Computer Science from the Technion, Israel Institute of Technology.