From time to time, CompTIA brings you blog posts from our media partners that directly relate to the success of the IT channel. Check out the post below from Tech Security Today's Michael Vizard on the how to prepare for security threats in 2012:
Security in the coming year is going to be more complex than ever to manage. The attack vectors are widening and the skill sets of the hacker community are getting sharper with each passing day. In fact, the top 12 threats to IT security in 2012 are:
Social Networks: Cybercriminals are using phishing and other techniques to gather personally identifiable information.
Search Engine Poisoning: By leveraging search engine techniques, cybercriminals are driving traffic to fake web pages loaded with malware.
Adobe Application Software: Cybercriminals have figured out these popular applications have a lot of vulnerabilities to exploit.
Web Applications: Hackers routinely target this class of applications because most web developers are not very security-conscious.
Phishing: Reliant on social engineering techniques, phishing relies on the gullibility of end users that can never be underestimated.
Botnets: These automated engines for launching malware attacks are now starting to focus on specific types of targets.
Advanced Persistent Threats: New classes of malware that specifically go after a particular web site are being developed to steal intellectual property and commit digital fraud.
DNS Server Hijacking: A method through which cybercriminals reroute web page requests to a fake web page loaded with malware.
Mobile Devices: As these devices increasing get used for transactions, cybercriminals are zoning in on a raft of vulnerabilities to exploit.
Cloud Security: No one is sure if cloud computing improves or worsens security. What they are sure of is the cloud computing services make tempting targets.
Cyberwarfare: Businesses are finding their IT security is being compromised by sophisticated organizations tied to various nation states looking to steal intellectual property.
Negligence: The complexity of IT leads to security fatigue, resulting in configuration errors and simple passwords that can easily be exploited.
As outlined in a webinar that can be found here, the number of IT security issues that need to be addressed is daunting. The good news is a lot of security tools IT organizations have at their disposal are getting more automated, which makes it easier to deploy a layered approach to security that frequently combines internal and external security resources.
In fact, Jon Clay, a senior product marketing manager at Trend Micro, notes that IT security has become a global issue that spans mobile computing devices from the endpoint all the way up to the most complex virtual machine deployments in the data center and everything in between. Without more reliance on automation and security services delivered via the cloud, Clay says IT organizations simply won’t be able to keep pace with all the potential threats.
Obviously, there’s no such thing as perfect security. But the people who create malware are subject to the same time limitations as the rest of us. If something looks like it will take a lot of time and effort to crack, cybercriminals will move on to find easier targets.
At the same time, IT organizations need to guard against spending too much time and money on security. That means they need to be able to deploy an in-depth defense strategy that easy to manage. After all, the only thing standing between most organizations and a major security breach is a thin line of IT professionals who need all the help they can get.
Looking for ways to bolster those defenses and help your IT department? Check out the white paper, Strengthening the Thin IT Security Line.
