Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Cloud weakness prediction for 2010 enterprise security concerns

Secerno : 26 January, 2010  (Technical Article)
Secerno identifies security trends for the year and envisages problems with cloud protection and an increase in "man-in-the-browser" attacks as cyber-criminals develop more sophisticated approaches to try and stay ahead of the game
Secerno has announced the top data security concerns that CSOs, CIOs and the extended enterprise will face in 2010.

Secerno expects to see an increase of "man in the browser" attacks, in which a Trojan allows a hacker to take control of a web browser and gain access to confidential information. These types of attacks bypass trusted security measures such as two-factor authentication and can be devastating to an organization, given the hacker's ability to grab confidential information without being detected. What will change in 2010 is that these attacks will become increasingly enterprise-focused, leaving CSOs and others scrambling to keep data protected knowing that traditional intrusion protection will fail.



In 2010, we will see the Fortune 1000 increasingly embrace social networking technologies and sites - such as Facebook and Twitter- for brand awareness, marketing, customer engagement and a host of other activities. These sites and applications have a dual security risk in that the sites themselves are targets for SQL injection attacks for passwords, financial data, and personal information as well as the vulnerabilities inherent in having enterprise users access these applications through a corporate network. 2010 will be the year that corporations struggle to realize the benefits of these applications without compromising their data security.

Since advancements in automating SQL injection attacks emerged in 2008, hackers and cyber-criminals have increased the frequency and rate of these attacks against the enterprise. Companies will need to protect themselves against injection attacks that are occurring at increasing rates, making proactive protection and blocking capabilities at the database level essential.

There is essentially no difference between security in the physical and virtual environments, but we will see an increase in Cloud breaches in 2010. These breaches will occur because of third-party involvement in the Cloud as well as an assumption from many enterprises that the Cloud environment does not require the same due diligence for security.

Cybercriminals will launch sophisticated attacks that will use insider knowledge and assistance as well as known weaknesses in enterprise applications to make targeted attacks on data and intellectual property.

Companies will continue to use third parties and contractors to meet the mandates of compliance regulations, leading to unintentional data vulnerability. With legislation on data protection expected to be enacted across a number of nations this year, companies will likely increase their use of third parties and unwittingly increase the risk to their data that comes from outside parties gaining access to sensitive enterprise systems.

"2010 will be the year in which sophisticated cyber-attacks become the norm for the global enterprise," said Steve Hurn, CEO of Secerno. "What will distinguish these attacks is that they will use a number of known weaknesses, including those identified by Secerno, to make targeted assaults that gain access to specific information. Every organization should be on alert that its data and intellectual property are at risk of being compromised in this threat environment."

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo