Top 10 Information Security Risks for 2010
Dublin, Ireland, Tuesday 5th January 2010… Irish information security company Espion urges businesses and individuals to be aware of the top 10 Information Security risks that they may face in the year ahead.
“Developments in technologies can bring about vast improvements in both business and personal life. As companies and individuals embrace these advancements, they need to be aware of the possible risks, so as to be able to take full advantage of technical innovation without compromising critical or sensitive information,” explains Colm Murphy, technical director with Espion.
1. Social Networking – Sites such as Facebook, Bebo and MySpace offer cybercriminals a vast new world in which to target unsuspecting users. Malware can be cleverly disguised and can be distributed quickly and on a massive scale. The high levels of trust users place in social networking sites means they are an ideal target for the fraudsters, with a greatly likelihood they will succumb to an attack.
2. Malware attacks – Cyber criminals are using more creative means to package and deliver malware (viruses, worms, Trojans etc.). Increasingly, email is being used as the delivery mechanism containing seemingly innocent URL links shortened to disguise malicious site addresses, videos and pictures are all used to disguise and conceal malware. When activated, these software programs are designed to wreak havoc on a computer system and move on to infect more systems. The speed at which malware spreads and the damage caused continue to make malware rank highly as a security risk.
3. Scareware - Attackers and fraudsters use online pop-ups designed to look like messages from the operating system warning of a problem or virus infection to coerce users to download a program to “correct” the problem. In the worst cases, the program will itself be malicious and may damage the system or leave it vulnerable to attack/abuse. Ransomware enters a system through a security hole and encrypts personal files, making them inaccessible. The user is prompted to either buy a piece of decryption software or enter a code which can only be obtained by sending payment to the attacker.
4. Microsoft - Windows 7 is expected to be widely adopted by Microsoft users worldwide. This massive user base is a prime target for the opportunistic hacker looking to attack a new, unfamiliar operating system.
5. The Insider Threat – Information is stored in files and folders, accessible remotely by large numbers of users. Keeping it secure and safe from an internal breach, while allowing it to remain accessible to the majority of non-malicious employees, is an ongoing challenge. If employees feel their employment is under threat they may see sensitive data as a valuable commodity that can be used for their own gain – always to the detriment of their employer.
6. Localised attacks – Often attempts to deceive victims fail because they are clearly fraudulent, text used is grammatically incorrect, spelling errors raise red flags and graphics are poor replicas. However, attacks are becoming more refined, not only in appearance, but in relevance to the target. Attackers are researching more to use local references including culture; sports, events to appear more authentic and better their chances of defrauding their targets.
7. Smartphones – The convergence of telecommunications and computing is creating a new target for hackers. Smartphones are as likely to be attacked as traditional computers. The risk to personal and corporate data is greater as the availability of security applications for these devices is low. As the number of users and volume of data transmitted increases and more financial transactions are done using these devices they become a more attractive and lucrative target for attack.
8. Mac OS X –There is a widespread misconception that relative to PCs, Macs are resistant to attack. This results in users deploying far fewer security measures and not updating systems with security patches. Hackers will continue to target the OS X platform and Apple continues to respond with regular security updates.
9. Embedded Computing – As society relies increasingly on Information and Communications Technology (ICT) across all aspects of life, national critical information infrastructures – such as energy, transport and telecommunications- will become more and more connected to and reliant on the Internet. As beneficial as this is to the provision of services and communications it also exposes critical devices to the same risks and threats that exist online.
10. Virtualisation and Cloud Computing –Lower budgets and improvements in distributed computing and high-speed internet access, are making Cloud Computing and Virtualization appealing alternatives to costly and complex conventional computing methods. Cloud computing offers capacity and functionality over the Internet that is scalable, subscription-based and fully managed by the provider. Virtualization has lower power and space requirements and simplifies management. However, businesses need to consider the regulatory and legal issues associated with managing data and the new kinds of security challenges that these alternatives bring. How and where the data is stored and who has access to it? The issues are more complex if the data includes payment card information, as PCI-DSS requirements come into play.
Ends
About Espion
Espion is an advisory practice specialising in information security. We work with companies to ensure that the critical information essential to their success is secure. Espion’s comprehensive approach is unique and highly effective and includes services to address information assurance, governance, risk and compliance, IT audit, forensic investigation and IT security training. Utilising a collaborative approach, our team of highly experienced consultants, look to fully understand the clients business first and from there determine the risks and exposures that they may have, and help the client understand, manage and mitigate those threats to information security.
Espion Forensics is operated by Espion Limited. Since 2001, Espion has assisted hundreds of Irish organisations successfully resolve a wide range of computer related forensic investigations. Our certified consultants and proven methodologies combine to provide a world-class forensic investigation service. We have worked with the leading government, financial and private organisations in Ireland and further a field. We have provided expert testimony in the Irish courts as well as employment tribunals and other forums. We can quickly and professionally assist in a variety of scenarios, and have the expertise and experience to ensure all incidents are handled in the manner expected by international standards.
Espion Ltd., The Old Church, Belmont, Galloping Green, Stillorgan, Co. Dublin
Ph: +353-1-2101711 http://www.espion.ie
For more information, please contact:
Colman Morrissey Espion 01 210 1711
Colm Murphy Espion Forensics 01 210 1711
Jillian Godsil Practice PR & Events 053 94 296 76