Last week, IT Business Edge's Susan Hall wrote of hope for an increase in IT spending in 2010. I hope some of those IT funds are focused on security because experts are predicting increases in data theft and attacks via social media sites.
The folks at the Identity Theft Resource Center (ITRC) believe that the ongoing recession will only lead to more data threats in the coming year. Their findings show increased scams on unemployed people looking for work and more individuals who have no criminal history turning to identity theft for financial gain.
Additionally, the Center predicts an increase in insider theft due to the failure to follow simple security protocols in the workplace. This will create opportunities for thieves to gain access to personal identifying information retained in databases or paper files. According to Linda Foley, ITRC founder, the lack of computer security measures and the increasing skill levels of hackers will lead to larger and more financially harmful breaches.
Meanwhile, Michael Maloof, CTO at TriGeo Network Security, told me that social networking sites will be the largest target for hackers in 2010.
The browser is the primary point of entry for a network, and the host operating system is the target, making it critical for companies to monitor and apply security patches, he explained. It's extremely rare for attacks to utilize true "zero-day" vulnerabilities, meaning companies can defend against attacks, but it takes vigilance and enforcement.
Companies need to work with employees to acknowledge that while social networks have real value, they represent serious risk to the company, he added. Ideally, employees will feel comfortable reporting aberrant behavior, such as the browser crashing on a site, the video link they clicked on, or a plug-in they installed. But companies need to assume they won't and plan accordingly to patch, restrict and monitor.