Happy new year's! Here is a quick look at what the top 3 security issues to watch for in 2008.
The profit motive is driving two forces in the attacker community. First, attackers are getting sophisticated and better trained. Second, attackers are getting specific and focused. Consequently, watch for highly targeted attacks. These resist traditional signature-based protection because they are very rare and specialized. They bypass most of our preventive, detective, and corrective software controls. We are very vulnerable to never-before-seen attack patterns.
Attacks on application and driver software will also increase. As operating systems progressively improve security, attackers will turn to applications’ soft underbelly. Many application vendors are unprepared for this sort of unwanted attention. The same can be said of hardware manufacturers. Worse, while applications run in user mode, hardware drivers run in kernel mode. This means that a compromised driver gives the attacker full control.
So think targeted attacks against poorly written drivers. Now when we talk about operating systems, with software and drivers, we usually picture traditional computers. Yet this is quickly changing as things become computerized. Everything from printers to pacemakers is becoming fair game. Thus another security concern to watch is vulnerable embedded devices and equipment.
I am not suggesting the future will be doom and gloom. There are many improvements underway. As I mentioned, operating systems continue to evolve and are becoming tougher all the time. Look for anti-virus vendors to shift from code signatures and blacklists to other heuristics, such as behavior modeling and whitelists. Finally, though they are in their heyday now, look for botnets to shrink and perhaps even extinguish in the next five years.
Some things will get worse. Some things will get better. Yet one thing will remain the same: InfoSec continues to be the premier IT challenge.