Corporate Espionage Meets Hacker Tradecraft
"We expect to see that the specific Hacker Tradecraft (malware, tools, tactics) , which is developed with government support and for government use, will begin to be shared with non-government/private organizations so that they can target their competitors in the private sector in search of Intellectual Property which is valuable to their operation." — Dell SecureWorks’ CTU Research Team
Exploits Will Target More Virtual Environments
"Attacking the virtual layer will become a means for hackers to move laterally within an organization’s network. As a hacker, you look for the weakest entry point you can find. Unfortunately, the defenses for the virtual environment are still immature." –Dell SecureWorks’ CTU Research Team
Your Customers Will Turn to SIEM for APT Protection
"What most organizations don’t realize is that, if you log IT data, you can often see an attack as it is being planned — and stop it midway. Compared to most attacks, which can only be contained through reactive measures, you can be proactive and thwart this kind of malicious activity" –Guy Churchward, CEO of LogLogic
Non-Regulated Industries Will Be Scared Into Multi-Factor Authentication
"In 2012 we anticipate there will be another large scale security breach as a result of weak credentials and poor authentication standards on websites. (Then we’ll) finally start to see a large number of organizations in gaming, healthcare, education, retail and social networking, start to adopt multiple layers of authentication and multifactor authentication to protect user accounts." — Bill Goldbach, executive vice president at Confident Technologies
Companies Could Shut Down IT Functions for the Sake of Compliance
“One organization we deal with has recently enforced a policy of – no visible audit trail, no email! Their iron rule is – if the auditing is not available in their email system they aren’t allowed to use email. It hasn’t happened yet, but 2012 may be the year servers get shut down and email withdrawn if no audit trail of access activity exists." –David Gibson, director of technical marketing and strategic sales at Varonis Systems Inc.
SMBs Will Continue To Thirst For Outsourced Security
"The threat landscape is simply too complex and the attacks too sophisticated for the average SMB to be able to tackle in house, particularly as SMBs need to manage security across many distributed networks/locations." — Rick Carlson, president at Panda Security
Mobile Security Threats Will Be At an All-Time High
"Mobile technologies are changing so rapidly that in some organizations the demand and pressure to deploy new technologies (e.g., tablet computers) will outstrip the organization’s existing capabilities to secure them. This unfortunate dynamic is no secret to thieves who are ready and waiting." –Cyber Security and Information Assurance Division of Kroll Inc.
CIOs Will Ask For More Security ROI Metrics
"CIOs will be more buttoned up about specific ROI/Cost models as it relates to security, and will move away from knee-jerk ‘we have no other choice but to do it this way, so just pay what it costs’ thinking." — Rick Carlson, president at Panda Security
SSL Attacks Will Drive Internet Certificates Innovation
"High-profile hacks of Secure Sockets Layer (SSL) Certificate providers and malware threats that misuse SSL certificates became an issue in 2011, driving SSL Certificate Authorities (CAs) and website owners to take stricter security measures to protect themselves and their customers." –Paul Wood, senior intelligence analyst for Symantec
Anti-Social Media Blows Up On Enterprises
"Enterprises that try to use social media as collaboration suites for internal, sensitive business data- which require different levels of access privileges- are bound to encounter massive data breaches. The restriction of information through these channels is in complete contrast to the concept of such environments which is all about sharing." — Imperva’s Application Defense Center team