It seems customary at this time of the year for many security commentators to write up their top predictions for 2012, most of which are usually pretty predictable. The obvious would include corporate belt tightening, an increase in demand for value for money from suppliers and a slightly tougher jobs market.
Here are my own predictions for 2012, covering a number of key domains that I deal with on a daily basis. Some of the predictions may be obvious; some may be less so.
The Security Business
Big four market dominance will be challenged – Hurrah!
The monopoly of the ‘Big Four’ audit firms (PwC, Deloitte, E&Y & KPMG), which dominate 97% of the FTSE 350, will come under increased scrutiny in 2012. This is mainly due to their being ‘disconcertingly complacent’ about their role in the financial crisis. The result will be either that they are broken up (unlikely) or that they face increasing competition from SMEs through changes in regulation (more likely). The UK watchdog already outlined concerns in May 2011 about “substantial barriers” to entry for SMEs and is currently addressing the dominance through the OFT, OECD and European Union.
Weaker security companies will be taken over – whether they like it or not.
Weaker security companies that have made poor strategic decisions, such as being overexposed in their customer base to the public sector, will be ripe for takeover. A prime example of this would be Logica, the global IT and management consultancy and a key player in the defence and intelligence information security market. Its share price has plummeted almost 60% in just 10 months. It announced in December 2011 that there would be 1,200 redundancies in Belgium, the Netherlands, Sweden and the UK. CapGemini and India’s Infosys are rumoured to be interested in the company.
Information Security
SSL and concerns in the cloud – every silver lining …
Currently attackers are exploiting vulnerabilities in the various implementations of the SSL protocol. There is clearly a rise in attacks which target the global infrastructure that supports SSL. Attacks will reach a peak in 2012 which, in turn, will invoke a serious discussion about real alternatives for secure web communications and the need for an SSL infrastructure overhaul.
As SSL certificates were easily compromised, we will see the emergence of highly capable Threats (foreign intelligence services, state-sponsored actors, organised crime, etc.) targeting data held in virtual environments. The ramifications of cloud-based attacks on virtualisation infrastructure used to separate customer data could prove catastrophic to customer confidence. Like the run on Northern Rock, a run on a cloud service provider in 2012 is not inconceivable.
Malicious hardware – Caveat emptor!
Counterfeit hardware is nothing new, but in 2012 we will see this issue evolve from a sideshow to centre stage, with new revelations about contamination of the global supply chain. The US Senate Armed Services Committee is currently investigating 1,800 cases covering 1 million individual parts of counterfeit electronic components discovered in US military hardware, worryingly found in electronic systems of helicopters and airplanes.
2012 the year of the life-threatening incidents?
I would happily be wrong with this prediction! The year 2012 may be the first year when we see lives lost due to a security incident, whether that is the result of attacks against SCADA systems or a hospital’s network-enabled medical devices. The security measures in place to protect these systems require much more attention than they have received so far.
Attack Vectors and Threats
Cyber Espionage – or ‘Cyber WAR!’ if you’re a Sun reader!
2011 has been the year with the most intrusions ever aimed at companies and government agencies. All around the world there have been countless attacks aimed at stealing company-confidential or government-classified information. We live in a world where all the valuable information is in digital form, so modern-day spies no longer need to physically infiltrate a building to steal information or run HUMINT sources. As long as they have the necessary computer skills and equipment, which are ever decreasing in cost, they can access the best-kept secrets of organisations from anywhere in the world. In 2012 we will see even more of these kinds of attacks, which in turn will impact diplomatic relations.
Shift to targeting SMEs and key suppliers – your weakest link?
Cybercriminals’ focus of attack will shift to small to medium-sized supplier companies. Why do cybercriminals target online banking customers instead of directly attacking banking institutions to steal money? The answer to this question has to do with the cost-benefit ratio of the attack. Financial organisations are usually very well protected, and the chance of launching a successful attack is remote and very costly. However, their smaller, less well protected suppliers, whose security is not as strong, make very attractive targets, especially as online banking customers are increasing their defences. On many occasions, SMEs do not have dedicated security teams, which makes them much more vulnerable.
Social Networks attack surface increases – no surprise here.
Social engineering techniques designed to exploit users’ weaknesses have become the leading attack method in social networks. Trending topics such as the Olympics 2012 or the next US Presidential elections will be used as bait. Cybercriminals will continue to target social media sites to steal personal data. The press, whose recent infamous phone hacking has led to widespread incrimination, will move to industrial-scale open source data mining and the large resource of gossip that is social networks.
Personnel Security
The next big insider – David Shayler, John Wick, Sean Hoare, Bradley Manning … next …
Insider threats are real and will remain present in 2012, enhanced by the broadening financial crisis. Accidental insider breaches will continue to be the primary source of compromise; organisations will focus on security awareness training (an underrated control in my view) and internal egress monitoring tools such as Data Loss Prevention (DLP).
Physical Security
Activists will become more active but less noticed … unless it’s a slow news day.
Activists will become more inventive in the way they grab press headlines. However, what little public support they had appears to be waning. What activities they do undertake will have little material business impact on the City of London.
The Threat Level will not decrease … but may increase in the run up to the Olympics.
At the moment the National Security Threat level is Substantial, which is defined as “an attack is a strong possibility”. It will be interesting to see if this threat level ratchets up a notch to Severe, which means “an attack is highly likely”. I suspect it won’t officially go up (it tends to scare the tourists). The recent announcement of the deployment of 13,500 servicemen and the possibility of surface-to-air missiles means the capability to deal with an attack will be in place, even if no one officially unscrews the amber light bulb and swaps it for a red one.
Records Management
Libraries are dead … long live Libraries.
When was the last time you visited a library? How long does your information security book remain relevant? Even in the general population books are losing market share to digital readers. Amazon announced that ebooks for Kindle outsell paper books: 180 ebooks for every 100 hardcover books. How relevant is your local library today, and has it already been replaced with the likes of Amazon, Wikipedia and Google?
Fraud
Android – the cybercriminals’ target of choice.
Malware on Android mobile devices skyrocketed in 2011 and will continue in 2012. In May 2001, Juniper Networks reported a 400 percent increase in malware attacks since the summer of 2010. In November 2011, the firm announced a further increase of almost 500 percent since that report came out.
Security is one of the key advantages of the Apple model. Android’s open applications store model is at best naive and lacks the code signing and application review process that Apple demands. This makes it easy for attackers to distribute their malware. The official Android Market offers not even a hint of a challenge to malware writers.
In 2012 I expect mobile malware to keep on stealing money from unsuspecting smartphone owners by sending text messages without their consent, while botnet-like attacks will distribute spam, read the private data of users and pave the way for other malicious software to be installed on targeted devices.
Business Continuity
Hybrid data storage environments combining cloud storage with existing storage will move into the mainstream.
For the majority of companies the idea of moving all their services to the cloud is not feasible or palatable from a risk appetite perspective. However, ever-expanding data storage is driving the demand for ever-increasing capacity. Cloud storage seems to be the way to go and is getting even more competitive in terms of price per GB. The benefits are access to a ‘secure’ (depending on your implementation of course), limitless pool of storage capacity that never requires upgrade/replacement and reduces your capital expense.
Disaster recovery to the cloud will become a more viable option
Traditionally, companies had to rely on dedicated replicated infrastructure at an offsite location to be able to recover from a physical disaster. This means paying for idle hardware while waiting for a disaster. Disaster recovery in the cloud means not having to pay for this infrastructure except when it is needed. While zero-downtime disaster recovery will be unlikely with this approach, most cloud providers offer competitive SLAs that offer Recovery Time Objectives (RTOs) in a unit of hours.