Comment 2005: Future shock

20 Dec 2004

The security industry is very good at telling us what has happened and why, but somewhat less successful at forecasting what the future holds. That said, there are signs this year that point us in the direction of the likely security trends coming our way. On the basis that it’s better to be wrong than vague (let’s see how we get on in 12 months’ time) here are some predictions of my own.

We’re going to see a lot more about spyware in the coming year. It’s already the No 1 cause of calls to Dell’s helpdesk in the US, while closer to home, the ESB found on a random check of its laptop users that their machines were riddled with such programs.

Traditionally, spyware has escaped the notice of antivirus packages because it isn’t a virus and doesn’t behave like one. The good news however is that many vendors are adding anti-spyware features to their security toolset. Expect a big push on this in 2005.

Instant messaging (IM) will become more popular. There are growing examples of compelling business applications for IM, so many organisations are likely to have to roll it out to some of their user base. However, it brings attendant security headaches: for a start, it’s possible to send large files by IM and it bypasses traditional defences such as firewalls, potentially opening up a tunnel into and out of an organisation.

Phishing won’t go away; perhaps the only surprise in an Irish context is that only two banks have been targeted this year, AIB (twice) and MBNA. The nature of these scams has also changed throughout the course of the year, so ever-more sophisticated attempts are a likely development over the next 12 months.

The issue of unsuitable content on mobiles will arise again this year. So far there’s been no white smoke from the Irish Cellular Industry Association to suggest that it has found a technology solution to blocking inappropriate images on mobile phones. Post-Christmas take-up of 3G services may help put this back on the agenda.

Expect to see data protection legislation more stringently enforced than it has been so far. Early audits of Irish organisations that gather data about customers or visitors to websites were confidential; the object of the exercise was to educate people in their responsibilities when handling data supplied by customers. However, soundings from the Data Protection Commissioner’s office suggest that next year, those in breach of the data protection legislation are more likely to be subjected to ‘name and shame’ campaigns. More prosecutions for related offences are also possible, continuing a trend that began this year.

Biometrics may also be on the agenda — or if they aren’t they should be. All throughout this year so far, details from the Department of Foreign Affairs on future use of biometric data such as fingerprints or face scans in passports have been sketchy. It will be interesting to see how much, if any, debate there will be around privacy concerns. This year’s e-voting affair already saw a concerned and motivated lobby group call into question the use of IT in a major public project with some success, but it remains to be seen whether the implications of biometric technology will dawn on the wider public. Watch for developments here towards the latter part of 2005.

Lastly — and I realise no marks will be handed out for stating the obvious — viruses will remain a threat to Irish businesses and consumers. Anyone tracking malware activity in Ireland can’t fail to have noticed that a large proportion of the problems this year came from viruses that were in the wild for some time; the only conclusion to draw is that people are not keeping their antivirus systems up to date or patching their systems as quickly as they should to mitigate against the threats. Early next year we should see an update to the survey conducted as part of the Make IT Secure Day campaign.

It should give some pointers as to whether people have heeded the message and are more clued in and are defending themselves better. I’d like to think that qualifies as a prediction, but for the moment it simply remains to hope for the best. The next major virus outbreak will tell its own story.

By Gordon Smith