Security predictions for 2004

Computerworld - In 2004, information security professionals will experience more of the darker side of human behavior, but organizations will also take more control over their network and computing infrastructures, particularly end-user systems.
Here are my predictions on what to expect in information security in the next year.
R.a..n,d,ô.,m   p,u,,ñ,c.t,,u_a.t.1..0.n
Spam operators are getting more creative in their efforts to get around spam filters. R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n makes it nearly impossible to block spam messages by filtering keywords. Operators are changing to graphics interchange format images with no searchable text. Some spammers send in encoded formats, like Base64, to circumvent keyword filters altogether, and relay through IP addresses that have no Domain Name System domains associated with them. These recent developments are challenging spam-filter vendors and frustrating users.
More organizations will quantify the productivity losses and processing costs incurred by spam. Increasingly, IT security departments will be saddled with solving the problem, since it's a content management issue.
Consumer and office-worker definitions of spam will shift, thanks to the capabilities found on desktop spam-control products. Spam, once the domain of unsolicited junk e-mail, will become plain unwanted e-mail. Mail I requested last week is spam this week. A worker who subscribes to a mailing list in January will no longer want it in April. It will be easier to mark the message as spam than it will be to unsubscribe to the list. The messages will keep on flowing -- at the user's request -- but will be blocked before the user sees it.
Internet access filtering
Speaking of productivity, larger organizations will get more serious about managing and filtering employee access to Internet Web sites. Three justifications will dominate: productivity, security and legal liability. I'll explain these in more detail.

There have been a handful of sexual harassment lawsuits filed by employees who happen to see their colleagues surfing porn sites at work. Employees sue the employer for the distress of seeing these images and for the employers' failure to do anything about it.
Desktop management
Enterprises will begin to clamp down on users' ability to install software and make other configuration changes to their desktop systems. Windows 2000 had this capability, but thanks to the relatively uncontrollable Windows 95 and 98 platforms, users are accustomed to "owning" their desktop/laptop systems, with the ability to make systems configuration changes and install, update or remove software at will.
Unpopular as it will be, this has to change if IT is to regain control of its environment. A sizable portion of IT help desk call volume is associated with "power" users misconfiguring their systems and the problems brought about by non-IT-approved software. As a result, fewer users will have administrator privileges on their systems.
You may ask, what does desktop management have to do with security? An environment that lacks integrity (such as one where PC users are able to make configuration changes at will) will suffer a corresponding reduction in security because users' changes will sometimes make their workstations more vulnerable, and in other cases, user changes may be downright malicious.
Personal firewalls
Thanks to Blaster, Nachi and perhaps another worm in the final weeks of 2003, personal firewall software on end-user systems will finally get traction. Many companies found that these worms got into their networks via infected laptops that didn't have firewall software. The laptops became infected when connected to the Internet at home, where there was no firewall to protect them.
Senior managers who want to keep their jobs by avoiding a repeat of 2003 are funding enterprisewide personal firewall deployments. Now let's hope that they will be able to effectively manage them and still retain the ability to manage the PCs.
Leaky metadata
Tools that scrub metadata (change history, hidden text, undo information, internal routing memos and so on) will enjoy wider use. In 2004 or 2005, Microsoft will add a scrub feature to Word, Excel, PowerPoint and other software, perhaps by acquiring a leading third-party tool in 2004.
USB flash drives
One or more major companies will attempt to ban the use of Universal Serial Bus flash drives on the grounds that unscrupulous employees are using them to leak proprietary information. The result will be embarrassing, negative publicity for a policy that's ineffective in the first place.
Seriously, though, this is a problem for organizations. Many will begin to understand that the problem isn't with the technology, it's with the people!
Wi-Fi break-in
There will be at least one well-publicized break-in to a corporate Wi-Fi network. The cause of this attack will either be because the network was supported by IT but poorly protected, or a rogue access point was installed by an unauthorized employee. Regardless, the incident will shed light on this still-neglected vulnerability and spur companies into action.
Bluetooth
The same people who hack computers, send spam, make Pringle-can antennas, and drive funny cars will discover Bluetooth and begin to experiment with its uses and abuses. Negative publicity may cause Bluetooth to go back to the drawing board. Does any of this sound familiar? Will hackers build high-gain Bluetooth antennas from discarded ChapStick dispensers? And what will Bluetooth hacking be called? War nibbling? "Bluejacking?" Why someone would want to carry out such acts within six feet of a potential victim is beyond me, but people with too much time on their hands will figure this out, you can be sure of it.

Mobile phone hacking
Mobile phones are acting a lot more like wireless data terminals with very lightweight operating systems. We're building another monoculture, this time on almost-free devices that may outnumber PCs in a couple of years. Perhaps in 2004, we'll see more malicious code attacks than in years past.
IM incidents
Internet-based instant messaging services by America Online, MSN and Yahoo are in wide use inside large corporations whose IT departments may be unaware of the extent of IM use and are unable or unwilling to stop it. In most cases, corporate IT has no centralized control over IM. But the greatest concern should be that corporate messages sent via IM are traversing the Internet with no encryption. Any eavesdropper can see all of the messages flying by. I think that there will be at least one well-publicized incident wherein a hacker publicizes big-company proprietary information sent via IM.
Public utility break-in
Many public utilities have connected their SCADA infrastructure to the Internet. It must have seemed like a good idea at the time. SCADA stands for Supervisory Control and Data Acquisition. It's the mechanism that utilities use to monitor and control substations, water systems and power plants. I think that in 2004, a break-in to a public utility's SCADA system will be publicized.
Organized defense
The FBI and the U.S. Secret Service have made tremendous progress in their ability to track down and apprehend cybercriminals. Cooperation through public/private partnerships such as InfraGard will likewise improve. Those of us on the good side of security have a vested interest in the success of these efforts.

1 2 3 4 Next » Recommend Digg Twitter ShareThis Email Print Send Feedback Reprints Additional Resources Xerox Win a color printer! By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer! Microsoft Upgrade to Internet Explorer 8 today. Save time and mitigate security risk. Deploy it now. Sybase NEXT-GENERATION MOBILITY PLATFORMS In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions. Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase. White Papers & Webcasts Centralized Data Backup and Your WAN Is your organization prepared to tackle the massive challenge of protecting your data in a cost effective and timely manner? With a growing...   Why Compliance Pays This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data... An All-in-One Approach to Web Security Granting web access to employees poses challenges to IT administrators and introduces unique security risks. Even as companies have perfected their security techniques...   Best Practices for Managing Business Risks from the Use of IT (Source: Symantec) Based on exhaustive benchmarks conducted by the IT Policy Compliance, this session highlights the relationship between business risks and use of... The Hidden Dangers of Spam Beyond the well-understood productivity drain that spam inflicts on businesses, threats posed by illicit email circulating through a network are causing many security...   Managing And Protecting Your Ever Increasing Mobile Assets (Source: Absolute Software) Your users are becoming more mobile each day. This is great for productivity - yet challenging for IT control. Natalie... Open Source Security Myths Dispelled (Source: Astaro) Open Source Software is computer software whose source code is available to the general public. This openly viewable nature...   Sun OpenSSO Enterprise Webinar (Source: Sun) This webinar replay discusses Sun OpenSSO Enterprise innovation--the single, open-source solution that helps your business solve the challenges around internal access... Best Practices for Backing Up VMware® with Veritas NetBackup™ VMware® is used by enterprises large and small to increase the efficiency and cost-effectiveness of their IT operations. With this in mind, Symantec...   Agile Enterprise Content Management (ECM) for Rapid ROI (Source: IBM) Content rich business processes are a core feature of daily operations at just about any organization today. Very often these essential... All White Papers | All Webcasts Computerworld Reports An Interactive eBook: Enterprise Security The Business Case for Server Virtualization Computerworld Technology Briefing: Intelligent Users Use Business Intelligence All Computerworld Reports Sign up to receive updates on the latest Security resources   White Papers Centralized Data Backup and Your WAN The Hidden Dangers of Spam Best Practices for Backing Up VMware® with Veritas NetBackup™ Symantec Security Compliance Brochure Improving Results for Legal Custody of Information Risk Readiness and Redundancy: PCI Compliance Automation Managing Spend on Information Security and Audit for Better Results How Controlling Access to Privileged Accounts Can Keep Insider Threat from Hurting Your Bottom Line From Trust to Process: Closing the Risk Gap in Privileged Access Control Archiving Technical Overview An All-in-One Approach to Web Security Open Source Security Myths Dispelled IT Compliance Interactive Tools Solution Overview: Symantec Control Compliance Suite 9.0 Information Security Brief by Enterprise Strategy Group EMA's 2008 Survey of IT Governance, Risk and Compliance Management in the Real World Butler Group Technology Audit: E-Mail and Web Security SaaS Symark PowerBroker: Root Access Risk Control for the Enterprise How to Protect Business from Malware at the Endpoint and the Perimeter Case Study: The Ritz London Sponsored Links HP StorageWorks products-control, consolidation and confidence. 64-page prescriptive guide to security, compliance, and IT operations. Looking to add Unix/Linux functionality to Windows? FREE guide to saving up to 95% on network hardware costs. Start saving today! Enhance your career with a Boston University online Master's in CIS Find IT jobs in the Healthcare industry on Dice.com Network Tools Made By Engineers for Engineers Live Webcast: Building a More Productive Organization  A User Perspective With the NEW KODAK i700 Series Scanners get full speed at 300dpi! ITwhitepapers.com - Access thousands of white papers on 300+ technical topics. Leverage Your Cisco infrastructure for Superior Application Performance Learn about the AMD Virtual Experience Introducing: Project Icebreaker Introducing the new HP ProLiant G6 server family Wait for the upturn, or get ready for it with Capgemini's Technovision study. Download it here. Instantly know your IT service state - anytime, anywhere @ AccelOps.net Try the best rules engine free! Decisions.FICO.com Learn How to Create a High Performance Workplace Thrill Dad this Fathers Day and save up to 66% plus 4 FREE Caramel Apple Tartlets from Omaha Steaks. ESET NOD32 with ThreatSense(R) - Get your free trial now! Join the conversation about the hottest IT trends with Computerworld on Twitter. Create business data you can believe in with data governance Not All QSAs Are Created Equal: What You Should Know Before You Buy The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability The AMD Virtual Experience Virtual Trade Show About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.