The upcoming new year will see cybercriminals act with even more persistency and sophistication, as the world shifts from the PC-centric desktop toward mobile and cloud computing. The repercussion for IT administrators will be an imperative to approach security with a data-centric framework – protecting the data, not just the systems.
Big IT trends
1. Though many organizations are still uncomfortable with consumerization, security and data breach incidents in 2012 will force them to face BYOD-related challenges.
The Bring-Your-Own-Device (BYOD) Consumerization Era is here to stay. With more corporate data stored or accessed by devices that are not fully controlled by IT administrators, the likelihood of data loss incidents caused by improperly secured personal devices will rise.
2. The real challenge for data center owners will be dealing with the increasing complexities of securing physical, virtual, and cloud-based systems.
While attacks specifically targeting virtual machines (VMs) and cloud computing services remain a possibility, attackers will find no immediate need to resort to these because conventional attacks will remain effective in these new environments. Virtual and cloud platforms are just as easy to attack but more difficult to protect. The burden will thus fall on IT administrators who have to secure their company’s critical data as they adopt these technologies. Patching a big array of virtualized servers is a challenge, allowing hackers to hijack servers, to fork traffic, and/or to steal data from vulnerable systems.
3. Smartphone and tablet platforms, especially Android, will suffer from more cybercriminal attacks.
As smartphone usage continues to grow worldwide, mobile platforms will become even more tempting cybercriminal targets. The Android platform, in particular, has become a favorite attack target due to its app distribution model, which makes it completely open to all parties. We believe this will continue in 2012 although other platforms will also come under fire.
4. Security vulnerabilities will be found in legitimate mobile apps, making data extraction easier for cybercriminals.
To date, mobile platform threats come in the form of malicious apps. Moving forward, we expect cybercriminals to go after legitimate apps as well. They will likely find either vulnerabilities or coding errors that can lead to user data theft or exposure. Compounding this further is the fact that very few app developers have a mature vulnerability handling and remediation process, which means the window of exposure for these flaws may be longer.