Protecting data on mobile devices such as laptops, viruses on mobile handsets and IP phone security are being touted as the most important security trends for 2007, a panel of IT experts has said.
Members of the SANS Institute, comprising 20 leaders in IT security, developed a list of security priorities for the coming year based on trends that were likely to happen and would have the greatest impact if they did.
The top two priorities both involve mobile devices. According to the panel, laptop encryption will be made mandatory at many government agencies and other organisations that store data about customers or, in the health sector, patients. The group said that encryption tools would be pre-installed on new equipment.
Demand for this tight protection of data will come from senior executives who are concerned about potential public fallout from a disclosure, the panel added. Meanwhile the second trend is that theft of PDA smart phones is forecast to grow significantly. “Both the value of the devices for resale and their content will draw large numbers of thieves,” SANS declared in a briefing note.
Government action is the third trend, with the US Congress and state governments predicted to pass more legislation governing the protection of customer information. Next, targeted attacks will be more prevalent, in particular on government agencies, the panel said.
Mobile malware will hit a milestone in 2007 with the group forecasting that mobile phone worms will infect at least 100,000 handsets, spreading from phone to phone wirelessly. In sixth place, voice over IP systems will be the target of cyber attacks. According to SANS, this technology was deployed hastily without a full understanding of the security required.
In seventh place, the panel identified spyware as “a huge and growing issue”. Next, it has said that zero-day vulnerabilities will result in major outbreaks of infected PCs. This is when a vulnerability is discovered in legitimate software and the code to exploit it appears on the same day.
The experts believe that the majority of bots will be bundled with rootkits, which will change the target computer’s operating system to hide the attack’s presence and make uninstalling the malicious almost impossible without a full reinstall.
Lastly, many large organisations are forecast to put increased emphasis on protecting access to their internal networks by more rigorously checking users who try to log on, scanning their computers for traces of malicious code that could spread inside the company.
By Gordon Smith