10 Security Threats to Watch
The SANS Institute just released a list of the worst security threats companies will face this year.
This is the first time the research group has looked ahead at coming threats. In the past, it has recapped the top 20 threats of the previous year.
CISOs and security officers are aware of these threats, but some are clearly more prevalent than others.
Here's a look at SANS' predictions:
1. Attacks on browser vulnerabilities: Attackers are getting more savvy with exploit code, and more and more are targeting trusted Web sites.
2. Botnets: Bots made headlines throughout 2007, and botmasters are getting increasingly sophisticated in their tactics.
3. Cyber espionage: Well-resourced organizations--namely, nation-states--will use phishing and other attacks to gain economic advantage.
4. Attacks on mobile devices: The introduction of new mobile computing platforms will lead to increased attacks, and VoIP systems are also vulnerable.
5. Insider attacks: The threat of an internal strike forces security pros to clamp down on access and set more rigorous policies.
6. Identity theft from persistent bots: Some bots stay on computers for months, all the while collecting personal data that can be used for extortion and identity theft.
7. Spyware: More sophisticated tactics will evade anti-virus, anti-spyware and anti-rootkit tools, leading to more persistent problems.
8. Web application exploits: Applications like Web 2.0 tools are seen as increasingly vulnerable because of programming errors, giving attackers a new venue.
9. Blended social engineering: Criminals are using targeted attacks--like a phishing e-mail on job offers for Monster.com users--combined with VoIP to amplify their impact.
10. Supply chain attacks: USB connections from vendors or conferences increasingly contain dangerous software.