The coming year looks to be an exciting time in the technology space: Processors are faster, storage is bigger, connectivity is better, and virtualization is here to stay.

But on the flip side, hackers are smarter, malware is more malicious, and social engineering is on the rise.

Here are 10 security threats that could plague 2010.

  1. Cloud computing
    The so-called cloud will be all the rage in 2010. While centralized processors, storage and management will lower costs, questions about data segregation, backup and secure access will hinder the adoption of cloud applications, especially in regulated industries.

  2. Social media
    In 2010, employees will spend more time on Facebook, and corporations will tweet more. As a result, it will be critical to watch for Trojan horses attempting to enter your network via social media. Also, make sure to pay attention to short URLs (popular on social media sites), which may be hiding their true destinations.

  3. Compliance
    Ensuring data security for health care, banking, and government activities will continue to keep systems administrators busy in 2010. The threat in the new year will be the unintended PCI, HIPAA or SOX breach that lands your organization on the front page.

  4. Windows 7
    Although Windows 7 is a more secure operating system than Windows XP, the new OS will require administrators to learn new security settings, map these settings back for compliance with industry regulations and ensure data integrity when upgrading older OSes. Any malware or virus on the old system will wreak havoc during the upgrade process.

  5. Scareware
    Malicious applications posing as legitimate security software will continue to multiply in 2010. Aside from gaining a back door to computers and networks, the hackers also benefit from the money (and credit card data) that users spend on these illegitimate apps.

  6. Mobile devices
    Attacks against mobile devices will become commonplace in the new year. Text message spam, Bluetooth hijacking, mobile browser compromises and insecure applications will allow attackers to control smartphones, ring up unintended charges and initiate communications that appear to come from users' phones.

  7. Encryption
    Industry regulations require encryption. Windows 7 makes encryption easy, but some encryption implementations require the user to enter their credentials during the system boot process. This will hinder the ability of the system administrators to centrally manage and reboot these devices -- inhibiting the standard patch and reboot process.

  8. Patch management for third-party applications
    The continued rise in the detection of flaws in third-party applications (such as Mozilla Firefox, Adobe Reader, Apple iTunes and Sun Java) will lead to more security patches. Until these applications are managed by Microsoft's software update process, administrators will continue to have a difficult time keeping them patched.

  9. Virtualization
    We'll probably see the first big virtualization hack in 2010. The availability of virtual technology combined with the drive to reduce expenses will push virtual adoption into primetime, but along with that will come the security lapses inherent in any new technology implementation. We'll see at least one major virtual software flaw and numerous implementation flaws that lead to data being compromised.

  10. The economy
    Less headcount means fewer administrators to get more done. Keeping the systems up and running is paramount -- will security take a backseat to access and uptime?

These threats are only a prediction of what 2010 will bring for desktop security. Only time will tell whether IT pundits' predictions will come true. Regardless, it's sure to be an interesting year.

ABOUT THE AUTHOR:
Eric Schultze is an independent security consultant who most recently designed Microsoft patch management solutions at Shavlik Technologies. Prior to Shavlik, he worked for Microsoft, where he helped manage the security bulletin and patch release process. Schultze likes to forget that he used to work as an internal auditor on Wall Street.
 


This was first published in December 2009
