Surges in Search Engine Optimization (SEO) Poisoning will yieldmalware outbreaks for businesses in 2011 according to TriGeo NetworkSecurity, a provider of security information and event management(SIEM) technology for midmarket enterprises.
TriGeo nailed its top prediction for 2010 - anticipating thatsocial networking sites like Facebook, Twitter, LinkedIn and MySpacewould become one of the biggest threats to businesses.
"Results for popular searches on global events in 2010 like thedisaster in the Gulf of Mexico, the World Cup and the launch of thenew iPhone were flooded with hacker-developed websites infested withmalware," said Michelle Dickman, president and CEO of TriGeo NetworkSecurity. "Employees are a huge vulnerability to organizations.Companies need to set and enforce policies on social networking andgeneral Internet browsing, and actively monitor all network activityto detect and prevent widespread and devastating infections."
In addition to SEO Poisoning attacks in 2011, companies shouldexpect to see:
-Hackers increasingly targeting vulnerabilities in mobile devices- specifically the iPhone and the iPad. The consumerization of ITcontinues to present a significant risk to businesses. As new,popular mobile devices are introduced into the workplace, look forhackers to uncover new mobile device vulnerabilities that lead toincreased data breaches.
-Data breaches at schools and hospitals yield record-breakingfinancial losses in 2011. According to the Identity Theft ResourceCenter, educational and medical institutions accounted for more thana third of all data breaches in 2010, as well as some of the largestbreaches of the year, including two at the University of Hawaii(nearly 100,000 records exposed), and AvMed Health Plans (1.2million records breached). Additionally, the healthcare industry washit with a Ponemon Institute study concluding that data breacheswere costing the field more than $6 billion per year. Look for thistrend to continue to escalate in 2011.
-More gray-hat hacks in 2011. WikiLeaks has evoked mixedresponses from supporters and critics. Expect to see more gray-hathackers using their technical capabilities as a cyber soapbox thatexposes potential risks and vulnerabilities.
-More scrutiny for SaaS security. Software-as-a-Service providerswill focus less on improving availability and more on security. SaaSwill continue to increase in popularity, and as a result, auditorswill need to see a clear audit trail of SaaS application activityfrom end-users. Look for tighter integration between SaaSapplications and internal monitoring and security technologies.
"Information security is a process, not a product, and in 2010 wesaw several examples of the damage that can occur when policies arenot enforced and network activity isn't monitored and scrutinized24x7," added Dickman. "The New Year presents a new opportunity forbusinesses to start fresh and implement solid security practicesthat protect highly valuable and confidential information, and theircompany brand."
((Comments on this story may be sent firstname.lastname@example.org))