Insider threats and ID theft will dominate 2008

17 Jan 2008

Insider threats, ID theft and adhering to strict compliance rules and regulations will be the main security pains facing IT managers and CIOs in 2008, according to the head of security at enterprise software firm Novell.

In a forecast for 2008, Jim Ebzery, senior vice-president of Identity and Security Management at Novell, said even though the internet has made it easier to get information and services, it can be a dangerous place to compute.

“Every day, criminals are unleashing malware, worms and spam, hoping to pry loose confidential information for monetary gain,” Ebzery explained. “To prevent the crooks from succeeding, CISOs (chief information security officers) will continue to spend huge amounts of resources on global IT security.”

Ebzery said that in 2008 the alphabet soup of compliance regulations – SOX, MITS, HIPAA, FERPA, PCI and BASEL II – will continue to be a pain in the backside for CIOs and security officers.

“In 2008, businesses can expect the Government to become even more involved with compliance standards. CISOs will be asking, ‘How can I prove to auditors that I am compliant and how can I simplify the process?’ Technology that can automate and validate network activity to meet compliance requirements will grow in importance.”

Ebzery said that as the workforce calls for more collaboration, file-sharing and mobility, employees are increasingly putting their companies at risk. Laptops, PDAs and USB drives often contain confidential work information and sensitive personal data.

“And because of their size and mobility, they can be easily lost or stolen. CISOs will increase password protection, encryption and personal firewalls on these devices to remediate security breaches.

“An employee attempting to exceed access privileges is also a security threat. Whether it is to better perform job responsibilities, or there is malicious intent, CISOs should know who is accessing what inside the network. There will be a renewed focus on analysing the ways employees are using systems and revoking access when employees go beyond their authorised scope,” Ebzery said.

ID theft will also increase in prominence as an IT threat in 2008. “To combat ID thieves, stronger authentication combined with better validation is a necessity. Authentication methods that depend on more than one factor, such as personal identification numbers or biometrics, can be more reliable and are stronger fraud deterrents. If the only thing between you and your bank account is a username and password, that is a cause for concern.”

Ebzery said that multifactor authentication will also drive a stronger push toward converging IT security with physical security. “Right now, converged security is primarily happening in the government sector, but in 2008 more banks, retailers and healthcare facilities will begin using access cards and tokens to tighten access security and prevent ID fraud.”

He said meeting compliance, combating insider threats and preventing identity theft are not new security challenges, but these are issues that continue to persist.

“In 2008, expect to see businesses investing in the right combination of technologies to prevent them – such as creating stronger connections between identity management and security event monitoring, and integrating identity management into endpoint security tools,” Ebzery added.

By John Kennedy