Top 10 security predictions for 2010

security in 2010

According to PriceWaterhouse Coopers' annual security survey, almost two-thirds of organisations expect to maintain or increase their spending on security in 2010, despite the prospects of budget cuts elsewhere.

But companies might well be running to stand still: again according to PriceWaterhouse Coopers, 40 per cent of chief information officers (CIOs) believe the threats to their companies' information increased in 2009.

Few security experts expect to 2010 to bring much respite, with cyber criminals developing new attacks and techniques, and businesses depending more than ever on the internet for communication and trade.

Here, IT PRO brings together some of the industry's security predictions for the coming year.

Cloud computing

As companies make more use of cloud computing to reduce their costs and improve flexibility, so the cloud is more likely to suffer from cyber crime. As more corporate data moves to the cloud, the cloud providers will become an attractive target, according to security firm M86.

And increasing reliance on third parties to host data and applications will make it more difficult for IT managers to control their information security perimeters.

Dark traffic and bigger botnets

More than 90 per cent of email traffic 90.4 per cent, to be precise, according to Symantec is now spam. The basic laws of mathematics mean that spam cannot grow much more, in percentage terms, but anti-malware firms expect the absolute volume of "dark traffic" to continue to grow.

One reason is that botnets are becoming ever more sophisticated and harder to detect. Another is that, for some reason, people buy stuff from spam emails. Amazingly 12 per cent of consumers have responded to spam, according to the US-based Messaging Anti-Abuse Working Group (MAAWG).

And, as Symantec cautions, more than two per cent of spam messages actually contain malware attachments.

Social networks

Consumers' interest in social networks is set to grow further in 2010, and so will cyber attacks directed either through social networks, or at them.

In addition to account takeover, and individuals using social network sites to introduce spam links or malware, several security firms expect 2010 to see attacks directed at social networks and their users through third-party applications, and the networks' APIs.

Industrialisation of hacking

According to IT security firm Imperva, cybercrime is increasingly organised along industrial lines. The company says that hacking groups now operate clearly defined supply chains. These groups are often organised in ways that are very similar to drugs cartels, and are making more and more use of automated tools to speed up their hacking attacks.

Data breaches

Data breaches will continue to be a headache for businesses, government departments and regulators. The Identity Theft Resource Centre reported 403 data breaches in the first nine months of 2009, exposing 220 million records.

Most data breaches in 2009 were unintentional or accidental. But the expectation is that the percentage of malicious breaches will grow steadily in 2010, both through hacking and cyber crime, and malicious data theft by ex-employees.