Top 10 threats for IT security in 2011

security key

In the future, online security threats will be much the same as they are now but with a few new twists.

So claims the Information Security Forum, which gazed into its crystal ball to come up with a threat list for 2011 see below for the full list.

"Many of the threats in 2011 will be familiar ones that are evolving and will present new and sophisticated attacks to compliment tried and tested techniques," said Jason Creasey, head of research at the ISF.

Cyber crime topped the list, with Crimeware as a Service such as ready-made malware or botnets becoming more prevalent, along with insider threats.

"It is also clear that the financial crisis is accelerating these changes, fuelled by increasing staff turnover and dissatisfaction along with the increased involvement of organised criminal groups that see online crime as a lucrative and low risk alternative to other nefarious activities," he added in a statement.

Other top security issues will be IT infrastructure weaknesses, tougher regulations, outsourcing, and network boundaries being worn down. Rounding out the top ten will be mobile malware, Web 2.0 flaws, corporate espionage, the difficulties securing user driven systems, and the blurring line between work and personal life.

Indeed, some of those security trends will combine, with criminals recruiting unhappy employees for inside information. "This more sophisticated and planned approach by criminal gangs comes at time when IT budgets are under pressure and companies are also looking to outsourcing and offshoring to save money," said Creasey.

"These potential weaknesses in the IT infrastructure and third-party relationships particularly with the advent of cloud computing pose further threats and it is important to have the right controls in place to mitigate the risks."

The ISF called on companies to continue to invest in security in order to keep data safe. Chief executive Prof. Howard A. Schmidt said that "even in today's financial climate and increased threat environment, we are better placed than ever before to meet these challenges as long as we have the resolve to strengthen and invest in security rather than reduce it."

The ISF's top 10 threats in 2011:

1. Criminal attacks

2. Weaknesses in infrastructure

3. Tougher statutory environment

4. Pressures on offshoring / outsourcing

5. Eroding network boundaries

6. Mobile malware

7. Vulnerabilities of Web 2.0

8. Incidents of espionage

9. Insecure user-driven development

10. Changing cultures