The following are some key security risks, which we feel pose danger to
organizations, individuals, and the govt. You will notice that we haven't
mentioned security threats like viruses, spam, etc in the list, simply because
they would be lurking beneath many of the threats we've described below:
Cyber Warfare
As the name suggests, this comprises of various techniques to use the
Internet for conducting warfare in cyber space. This includes cyber espionage to
obtain secrets of govt, corporates, or even individuals, DoS attacks to make
websites unresponsive, or even more severe types such as sabotaging IT hardware
and software of defense systems. Post 26/11 in Mumbai, cyber warfare has gained
a lot of attention, simply because terrorists are well-versed with using the
latest technologies. They can use cellphones, GPS devices, hack into networks,
send and receive encrypted messages, and much more. Cyber warfare is therefore,
a potential security risk to everyone.
SMS Ransomware
This is another type of threat to expect in the future. A Trojan would lock
your system, and maybe even encrypt certain files on it. It would then ask you
to send an SMS to a particular number in order to receive the unlock code for
it. In other words, it's holding you to ransom. Possibly the creator of such
ransomware would make money out of receiving SMSes, or might even be able to
create a large database of mobile numbers, which could be mis-used later. Some
anti-virus software do have the solutions for this. Another way could be to use
an external OS system, like LiveOS to boot the system and then remove the Trojan
from the system.
Virtualization
Yes, this is the technology that's creating waves in the enterprise world,
because it allows you to run more applications on lesser hardware. While that
improves efficiency, power consumption, etc, it's also like putting more eggs in
fewer baskets. So if one basket gets attacked, then there are many more eggs for
the thief to take away.
Mobile devices and wireless networks
The sharp increase in mobile devices like laptops, smartphones, etc also
poses a serious security risk. Since they're outside the physical boundary of
the organization, they become difficult to manage. First is the risk of theft.
Mobile devices can easily be stolen, if the owner is not careful enough. Another
risk is that of the owner plugging it into potentially unsafe networks, catching
an infection and later plugging it into the corporate network. A third risk is
where the owner installs a lots of software on the laptop from the Internet.
This increases the chances of malware programs also getting installed on the
laptop. Smartphones are also gaining popularity in the corporate world, and pose
another potential security risk. That's because they carry critical data like
contact information, emails, etc. Lastly, the proliferation of wireless networks
is posing another security risk, especially if you don't secure it using
standards like WPA.
Social networking sites
There would hardly be a youngster who hasn't heard of Orkut, FaceBook, or
YouTube. These are all icons of the modern Web 2.0 enabled Internet and provide
a convenient medium for people to interact with each other, to share apps and
data. Hence, the serious security risk. You could get an email, supposedly from
a friend to look at a cool new video on YouTube. You click on the link, only to
be prompted to install the latest version of Flash to play it. That downloads a
malicious application on your machine, and the rest as they say is history.
Attacks similar to this are becoming quite common on social networking sites.
VoIP
As more organizations start using IP based communication, their security
risk also increases. If the VoIP conversations are not encrypted, then they can
easily be captured using freely available network sniffers. These sniffers can
easily capture entire conversations and reconstruct them.
Malware
With a growing cyber crime industry, it's only natural for the amount of
malware to also grow. Not only is it growing, but it's also becoming more
malicious. In fact, malware is being generated faster than the patches that can
combat it.
BotNets |
Typically, a Botnet refers to a collection of software robots, or bots, that run autonomously. The term is often associated with malicious software but also refers to the network of computers using distributed computing software. Two Botnets have been hogging the limelight: Conficker and Ghostnet. Here's an update.
Conficker: First detected in October last year, GhostNet: An operation discovered in March |
Web 2.0 apps
These pose another security threat, especially the ones that offer free
online access. How do you know that the free online office suite you're using is
safe or not? How do you know that the data you're saving on it remains
completely confidential and doesn't get mis-used? Or how about the dozens of
online data storage sites, which claim to back up your critical data?
Other sources of security risk
There are several other security risks, which are likely to become common in
the near future. One of them is RFID tags, thanks to their growing popularity.
RFID tags suffer from the same problem as wireless networks-remote hacking. A
hacker could read the information stored on a RFID tag from a distance, without
being suspected. Another area that's likely to become a security risk is RIAs,
or Rich Internet Applications. An RIA allows the developer to build an
application that can interact with the OS, just like an ordinary desktop
application. This makes it a point of vulnerability.