Tip

Desktop security predictions for 2010

Smarter hackers, more malicious malware and the rise of social engineering may make 2010 a dangerous year in terms of security. See what to look out for to keep your desktops safe.

The coming year looks to be an exciting time in the technology space: Processors are faster, storage is bigger, connectivity is better, and virtualization is here to stay.

But on the flip side, hackers are smarter, malware is more malicious, and social engineering is on the rise.

Here are 10 security threats that could plague 2010.

  1. Cloud computing
    The so-called cloud will be all the rage in 2010. While centralized processors, storage and management will lower costs, questions about data segregation, backup and secure access will hinder the adoption of cloud applications, especially in regulated industries.
  2.  

  3. Social media
    In 2010, employees will spend more time on Facebook, and corporations will tweet more. As a result, it will be critical to watch for Trojan horses attempting to enter your network via these social media. Also, make sure pay attention to short URLs (popular in social media sites), which may be hiding their true destinations.
  4.  

  5. Compliance
    Ensuring data security for health care, banking, and government activities will continue to keep systems administrators busy in 2010. The threat in the new year will be the unintended PCI, HIPAA or SOX breach that lands your organization on the front page.
  6.  

  7. Windows 7
    Although Windows 7 is a more secure operating system than Windows XP, the new OS will require administrators to learn new security settings, map these settings back for compliance with industry regulations and ensure data integrity when upgrading older OSes. Any malware or virus on the old system will wreak havoc during the upgrade process.
  8.  

  9. Scareware
    Malicious applications posing as legitimate security software will continue to multiply in 2010. Aside from providing a back door to computers and networks, the hackers also benefit from the money (and credit card data) that users spend on these illegitimate apps.
  10.  

  11. Mobile devices
    Attacks against mobile devices will become commonplace in the new year. Text message spams, Bluetooth hijacking, mobile browser compromises and insecure applications will allow attackers to control smartphones, ring up unintended charges and initiate communications that appear to come from users' phones.
  12.  

  13. Encryption
    Industry regulations require encryption. Windows 7 makes encryption easy, but some encryption implementations require the user enter their credentials during the system boot process. This will hinder the ability of the system administrators to centrally manage and reboot these devices -- inhibiting the standard patch and reboot process.
  14.  

  15. Patch management for third-party applications
    The continued rise in the detection of flaws in third-party applications (such as Mozilla Firefox, Adobe Reader, Apple iTunes and Sun Java) will lead to more security patches. Until these applications are managed by Microsoft's software update process, administrators will continue to have a difficult time keeping them patched.
  16.  

  17. Virtualization
    We'll probably see the first big virtualization hack in 2010. The availability of virtual technology combined with the drive to reduce expenses will push virtual adoption into primetime, but along with that will come the security lapses inherent in any new technology implementation. We'll see at least one major virtual software flaw and numerous implementation flaws that lead to data being compromised.
  18.  

  19. The economy
    Less headcount means fewer administrators to get more done. Keeping the systems up and running is paramount -- will security take a backseat to access and uptime?

These threats are only a prediction of what 2010 will bring for desktop security. Only time will tell whether IT pundits' predictions will come true. Regardless, it's sure to be an interesting year.

 

ABOUT THE AUTHOR:   
 
Eric Schultze
Eric Schultze is an independent security consultant who most recently designed Microsoft patch management solutions at Shavlik Technologies. Prior to Shavlik, he worked for Microsoft, where he helped manage the security bulletin and patch release process. Schultze likes to forget that he used to work as an internal auditor on Wall Street.
 


Dig Deeper on Enterprise desktop management