10 Trends Driving IT Security Spending In 201310:00 AM EST Wed. Feb. 06, 2013
Security is always an important topic in IT, in part because threats are constantly evolving and changing. It's an area in which solution providers -- and their customers -- constantly need to be proactive. With that in mind, Dell SonicWall recently released its annual list of 2013 security trends, along with tips on how to prevent some of the threats from happening. Here's a closer look.
More advanced toolkits for hackers are expected to provide increased challenges for security providers this year, according to Daniel Ayoub, product marketing manager at Dell SonicWall.
"Those are the black-hold exploit kits, malware kits that people buy on the black market. Those things are becoming more sophisticated and there will be more zero day exploits," Ayoub said.
Botnet communications are becoming more sophisticated as hackers look to disguise their botnets using unique tactics, according to Dell SonicWall.
"I recently saw people utilizing Google Docs to communicate via botnets. Other times they send a picture with information on the back end. There are lots of ways to get away with this now," Ayoub said.
For toolkit and botnet issues, solution providers need to offer strong intrusion protection solutions, Ayoub said.
The concept of ransomware is becoming more prevalent, Ayoub said. Ransomware involves someone installing a unique virus on a device. Instead of a traditional virus, this virus encrypts your hard drive and holds a user's data hostage, according to Dell SonicWall. The bad guys expect payment before they'll give back your data.
"We expect to see that rise in the coming year. If you don't pay them money, you can't get your data back," Ayoub said. It's a similar concept to viruses that tell users they have a virus and need to pay for a fake antivirus solution to rid themselves of pop-ups and other threats, he said.
"They take that interactive approach to get money out of you. You can protect yourself with a good antivirus and be careful what you install. Make sure you have the latest patches and also make sure you back up any sensitive data," Ayoub said.
The next five trends have to do with mobility, including more mobile malware entering the market, Ayoub said.
In many cases, mobile malware gets introduced directly through apps downloaded from Google's Android and Apple's iOS stores, Ayoub said. "People take for granted that [when] they get an app that it's legitimate. Criminals have cleverly figured out ways to sneak malware in through those avenues. Companies insist apps are safe, but it's happened before. Be careful what you install," he said.
Apple paid $356 million for biometric security company AuthenTec last summer and although Apple hasn't integrated anything into devices yet, it's likely that future iOS devices might see fingerprint scanners or iris scanners, Ayoub said.
"Right now, Google is introducing facial recognition scanning. We see more and more sophisticated ways of doing that," he said.
Device makers need to "harden" the operating systems for their devices in corporate environments to the same classification that military organizations are required to handle data, Ayoub said. "Corporations will want that, with full disk encryption when it's not being used, or having the OS have antimalware technology built in."
Network access control isn't a new technology, but it's one that will bounce back in a big way in 2013 because so many companies allow tablets and smartphones onto corporate networks.
"They need a way to control devices. They don't have credentials built in to track people and know what access people have," Ayoub said. "Gartner has also said it expects a 15 [percent] to 20 percent jump in that market for similar reasons."
You've seen the commercials where two phones can touch to transfer playlists and other information between each other. Well bad guys have figured out how to use that technology to their advantage, too, Ayoub said. He noted that security researcher Charlie Miller demoed that vulnerability at the 2012 Black Hat conference.
"You can compromise a smartphone by waving it over a sticker of an RFID tag," he said, adding that some people had hacked the New York subway system using near field communications to ride for free. "We expect to see NFC attacks rise in the coming year," he said.
Finally, and perhaps most importantly, is cyberterrorism, Ayoub said. Security firms must remain especially vigilant to ensure that a possible cyberattack against a water treatment plant or power plant does not occur, he said.
"It's kind of scary," Ayoub said. "But our customer base is pretty sophisticated and computer-savvy."
Overall, Ayoub said, hackers tend to target more unsophisticated users, "be it a grandmother or a 14-year-old teenager," but all parties should always be vigilant.