New technologies have pioneered ways for businesses and consumers to benefit from sharing data in unprecedented ways, yet those benefits have come at the cost of an increased risk of security exploits and cybercrime. Security breaches escalated in 2010, and Cenzic, a leading provider of Web application security solutions, expects this trend to continue and grow in 2011. Issues fueling this rise will include the decreasing level of computer skill needed to hack, the increasing popularity of cloud computing, Android and iOS mobile platforms and the increased connectedness of devices, and the desire of governments to engage in cyber terrorism. The year will also see the emergence of business extortion as Wikileaks and its contributors race to publish the dirtiest secrets of big businesses.
"Many of the cyber attacks we will see in 2011 will be the familiar ones, such as cross site scripting and SQL injection attacks. The twist however, will be the availability of open source hacking kits, which turn an average computer user with a modicum of Internet skills into a hacker," said John Weinschenk, president and CEO of Cenzic. "As the barriers to hacking are removed, the number of hackers will rise and the hunt will be on for the quickest route to the biggest payouts. Ultimately, we may see hackers targeting unprecedented items, such as health care devices, cars, and home automation devices."
Cenzic's John Weinschenk projects the following security trends will emerge in 2011.
Smartphone adoption is up and the number of mobile applications is growing exponentially. On-the-go smartphone access will be a concern to corporations that don't want employees accessing company secrets via unsecured mobile networks. For consumers, as banks and e-commerce sites deploy apps that give customers unprecedented access to their bank accounts, security becomes more important than ever.
The large user base created by wide-scale adoption of iOS and Android will increasingly make these platforms a target for hackers in 2011, which will likely usher in high-profile mobile breaches.
We are beginning to see the networked interconnection of everyday objects, often referred to as the "Internet of Things," with about 35 billion devices connected today and a forecast for that number to grow to trillions in the coming years. The growth will drive the need to secure the devices, which include medical gadgets such as pacemakers and car devices like the wireless tire pressure monitors on newer cars.
The availability of open source hacking tools will continue to grow, opening the door for a new era of hackers. Anyone with a modicum of computer skill and access to these tools will be able to easily target websites to hack for monetary gain.
As more companies use the cloud for their core business, securing the cloud becomes much more important. In 2011, we will see hackers exploiting the cloud as they look for low-hanging fruit that can lead them to monetary gain. We will also see a major shift toward Web application security delivery for all Web apps using the cloud.
The PCI DSS 2.0 regulations rolled out in November will go into effect on January 1, and credit card companies will be working with their customers to ensure they are in compliance. As this happens, compliance will help to drive the awareness and adoption of security measures to companies large and small in an effort to protect websites and customers from hackers.
Wikileaks has published confidential documents from the U.S. government and Swiss and Icelandic banks, and has threatened to publish data from other high-profile companies. In 2011, we'll see Wikileaks publish a marquee company's innermost secrets, including e-mails, documents, and records of major decisions such as fighting legislation, foiling rivals, employee dismissals and more. In 2011, potential leaks of unethical executive behavior and bad business decisions just may be the "smoking gun" that pushes senior executives to fund increased security across corporations.
2010 ushered in the discovery of Stuxnet, often referred to as the most refined piece of malware ever discovered, a clear indication that government-sponsored cyber warfare has arrived. In 2011, we will see the U.S. and other governments increase their efforts to thwart cyber terrorists by picking up their offensive game and putting the Web to use as a weapon. Much like pawns in a game of chess, other nations will pick up their efforts, leading to increasingly sophisticated attacks from Russia, China, Israel and Iran.