CyberthreatsTop Nine cyber security trends for 2012

Security driven by compliance leaves weak links // Source: yume.vn

Redwood Shores, California based Imperva, a data security specialist, yesterday announced its predictions for the top cyber security trends for 2012.  The analysis, compiled by Imperva’s Application Defense Center (ADC), is designed to help companies shield themselves from the threat of hackers and insiders.

“Hacking, by nature, is a discipline that relies on innovation,” explained Imperva CTO Amichai Shulman.  “Knowing future, potential threats helps security teams fight against the bad guys.”

Imperva predicts that the Top Nine cyber security trends for 2012 are:

Trend #9: SSL gets hit in the crossfire — Currently, attackers are exploiting vulnerabilities in the various implementations of the SSL protocol. Furthermore, the company is seeing a rise in attacks which target the worldwide infrastructure that supports SSL. Imperva expects these attacks to reach a tipping point in 2012 which, in turn, will invoke a serious discussion about real alternatives for secure web communications.

Trend #8: HTML 5 goes live — Over the last few years, vulnerabilities in browsers’ add-ons (third party components such as Adobe’s Flash Player or Oracle’s Java) were the significant cause of “zero-day” exploits. Imperva predicts that in 2012 hackers will shift their focus to exploiting vulnerabilities in the browsers themselves in order to install malware. The reason is due to recently added browser functionality — mainly driven by the adoption of HTML 5 standard.  The HTML 5 standard was created to enable browsers to support a richer end user experience in a standardized way. While the new features are attractive to Web developers, they are also very beneficial for hackers.

Trend #7: DDoS moves up the stack — Distributed Denial of Service (DDoS) attacks are gaining popularity and were part of high profile hacking campaigns in 2011, such as the Anonymous attacks. Imperva predicts that in 2012 attackers will increase the sophistication and effectiveness of DDoS attacks by shifting from network level attacks to application level attacks, and even business logic level attacks. Indications for this trend are already emerging. For example, the #RefRef tool, introduced in September 2011, exploits SQL injection vulnerabilities used to perform DoS attacks.

Trend #6: Internal collaboration meets its evil twin — Internal collaboration suites (such as Microsoft Sharepoint and Jive) are being deployed in “evil twin” mode, that is, these suites are used externally. As a result, Imperva believes organizations will look for tools to protect and control access to such platforms.

Trend #5: NoSQL = No Security? — The IT world is quickly embracing NoSQL under the buzzword Big Data. These huge data stores are the next big step in analyzing the massive amounts of data that is being collected in order to identify trends. Imperva’s analysts predict that the inadequate security mechanisms of these systems will inhibit enterprises from fully integrating these systems as third party components within the enterprise.

Trend #4: The kimono comes off of consumerized IT — After being caught off guard by the consumerization of IT, professionals are trying to regain control of corporate data. Imperva believes that they are doing it the wrong way. Instead of trying to control data at the source, IT organizations try to regulate the usage of end-user devices and de-cloud data access. The company’s analysts expect organizations to spend a lot of time, money and effort on these techniques and technologies next year, with very poor results.

Trend #3:  Anti-social media — As many more organizations are making their way into the social media space, Imperva expects to see a growing impact to the integrity and confidentiality of the enterprise’s information. Moreover, the analysts expect hackers will continue to automate social media attacks, exacerbating the problem.

Trend #2: The Rise of the middle man — With the increased supply and demand for compromised machines, as well as for sensitive corporate information, Imperva predicts the rise of the cyber broker. This individual matches the buyers of stolen data or compromised machines (aka “bots”) with the sellers of the data (or bot renters).  In the same way stocks and investors gave rise to stock markets, hackers need a middleman.

Trend #1: Security trumps compliance - In the past, security decisions were usually driven by compliance. In 2012, however, Imperva’s analysts expect to see security decisions driven by security. The past influx of laws and regulations, which drove the budget and security solutions such as PCI or SOX, were used to feed the security budget. With the cost of a breach rising, industrialized hacking impacting many organizations and the need to protect of intellectual property, we expect to see more companies making cyber security decisions based on security.

— Read more in Imperva’s Security Trends 2012