One prediction made by more than one industry source is that mobile phones will come under increasing infosecurity attack. Romanian-based antivirus vendor BitDefender expects mobile devices to be a major target for cyber criminals in 2008, arguing that WiFi, GPRS and Bluetooth will create opportunities for malware applications to steal data. It predicts an increase in mobile spam, phishing and viruses.
Analyst firm Gartner predicts that mobile commerce will continue to emerge as a new sales channel for retailers, and as mobile phones evolve in form and function in 2008, the impact of the mobile phone on retail sales is set to increase. Postini, now a division of Google, has gone one step further, predicting that the increasing popularity of Apple’s iPhone will bring with it a new market for mobile device security software. Postini experts predict that a major iPhone security incident will raise awareness of the problem.
Postini also says that social engineering techniques will be deployed more widely in 2008, and will be increasingly used for malicious purposes. John Colley of professional organisation (ISC)2 agrees, saying that individual people and not systems are increasingly targeted in information security attacks. Therefore security awareness programmes should be set to dominate infosecurity agendas in 2008, he argues.
“Good information security is about people, those that manage it and those that use the systems. We have to ensure people clearly understand…who is behind engineering attacks and why they exist,” he says, adding that that awareness is an area that information security professionals have sought to improve for some time but have not always been able to prioritise.
US security vendor Websense believes that this summer's Beijing Olympics will fuel a surge in cyber-attacks, with Olympic news and other sport sites being compromised. On a more optimistic note, experts at the firm believe that through the global cooperation of enforcement agencies, there will be a big crack-down and arrests on hacker groups and individuals.
Steve Hurn, chief executive of UK application security firm Secerno, is concerned that simplistic security solutions based on signature block lists or rules-based network security will put organisations at risk in 2008.
“The memory of the damage caused by 2007’s numerous security breaches will not fade quickly,” he says, and security attention will therefore be driven away from the network and towards software applications. “Traditional security approaches will buckle under the strain of new threats and increasing numbers of authorised users,” Hurn adds.