Verizon report warns against 13 security threats in 2012

By eGov Innovation Editors | Dec 23, 2011

Thumbnail: 

Verizon's  2011 Data Breach Investigations Report showed that the number of data attacks has tripled in the past five years, making the need to balance security with risk an even greater priority for businesses and consumers.

Its ICSA Labs division recommends that businesses and consumers guard against the following 13 security threats in 2012:

Mobile malware. Malware targeting mobile devices will continue to increase, and enterprises will wrestle with how to protect users.  Obvious targets will be smartphones and tablets, with the hardest hit likely to be Android-based devices, given that operating system’s large market share and open innovation platform.  

Criminals targeting app stores. Infected applications, rather than browser-based downloads, will be the main sources of attack.  Because they are not policed well, unauthorized application stores will be the predominant source of mobile malware.  Cybercriminals will post their infected applications here to attempt to lure trusting users into downloading rogue applications. 

Application scoring systems. It is anticipated that the industry will develop a scoring system that helps ensure that users only download appropriate, corporate-sanctioned applications to business devices. 

Emergence of bank-friendly applications with built-in security. Mobile devices will increasingly be used to view banking information, transfer money, donate to charities, and make payments for goods and services. To help ensure the security of online banking, the banking industry is likely to begin to offer applications that have strong, built-in security layers.

Hyper-connectivity leading to identity, privacy challenges.  In today’s business environment, more users need to legitimately access more data from more places. Compounding the issue is a new age of cross-platform malicious code, aimed at sabotage, and mounting concerns about privacy. Enterprises will no longer be able to ignore this problem in 2012, and will have to make some hard choices.

New risks for digitized health records. In the US, healthcare reform and stimulus funding will continue to accelerate the adoption of electronic health records and related technologies throughout the industry.  The American Recovery and Reinvestment Act calls for all medical records to be electronic by 2014, meaning that much work must be done in 2012 and 2013 to prepare. Securing mobile devices and managing mobile clinical applications will continue to be an ever-increasing focus in the health care industry.

Merging of mobile and medical devices. As interoperability standards mature, more mobile devices and traditional medical devices will become nodes on an organization’s network. These devices also will share data with other devices and users and, as a result, be susceptible to the same threats and vulnerabilities that computers and other network-attached peripherals, such as printers and faxes, are susceptible to today.

Smart grid security standards will keep evolving. In the US, public utility commissions, along with the National Institute of Standards and Technology, will continue to develop smart-grid standards. The government will increasingly require utilities to demonstrate that their smart grid and advanced metering infrastructure solutions protect not only the privacy of consumers and consumer usage data but also the security of the AMI infrastructure.  

New concerns about IPv6. The US federal government is still struggling with the rollout of IPv6-enabled devices as organizations migrate from IPv4.  This will be an ongoing concern, and IPv6 specific vulnerabilities and threats will continue to cause trouble during 2012. 

Social-engineering threats. More targeted spear-phishing -- an email-fraud attempt that targets a specific organization, seeking unauthorized access to confidential data – will be the major social-engineering threat of 2012.  Efforts to educate user communities about safe computing practices will continue to be a challenge as the user base of smart devices increases dramatically. 

Security certification programs. Certifications will continue to increase, especially as the government accelerates IT mandates for its agencies in the areas of cloud and identity; and in turn, the private sector will follow suit. Internet threats will continue to affect business, government and user confidence and wreak havoc on computing devices in the office and at home.

Big Data. Large data sets that can now be managed with the right tools -- will be popular in 2012 as more companies derive greater value through analytics. Companies will use the data to create new business opportunities while empowering evidence-based decision making for greater success. 

Safeguarding online identities. With the rampant growth of online identity theft, consumers, businesses and government agencies are seeking ways to better protect their identities. These groups will look to the private sector to provide a cost-effective solution that helps to safeguard their identities and create greater online trust.