MILFORD, Conn. (1/15/10)--Perimeter E-Security, a CUNA Strategic Service and provider of information security services, has released its Top 10 Information Security Threats for 2010. “It is vital for companies to understand what they can do to best protect their systems and information,” said Kevin Prince, Perimeter chief technology officer. Perimeter’s top 10 threats are:
* Malware, which can be installed on systems through client-side software vulnerabilities. Browsers are a top target for vulnerabilities, Perimeter said. Malware was the second-highest ranked threat last year. For the first time, cybercrime exceeded drug trafficking, the FBI reported in 2009.
* Malicious insiders. Many disgruntled and desperate employees have tried to exploit their employers or former employers. There is no way to completely eliminate the threat of malicious insiders, but good security policies can reduce incidents.
* Exploited vulnerabilities, which lead to worms, viruses, malware and other attacks. Organizations need to improve their patch management, Perimeter said.
* Careless employees. They can be categorized as careless or untrained; employees who are duped or fall prey to social engineering attacks; or malicious employees. Organizations should provide policies, procedures, training and technology to reduce threats generated by careless employees.
* Mobile devices. Worms and other malware specifically target these devices and enlist them as botnets to steal data. Laptops are the main culprits. Many are stolen every year and have sensitive data that would require public disclosure if there’s a data breach.
* Social networking. Sites such as Facebook, MySpace and Twitter can be breeding grounds for spam, scams, scareware and other attacks. Personal safety also can be an issue, because the information individuals post on the site can be a “stalker’s dream come true,” Perimeter said.
* Social engineering attacks, such as phishing. Beginning this year, domain names will be expanded to include Japanese, Arabic, Hindi and Greek characters, which will make it more difficult for users to determine if a domain is legitimate.
* Zero-day exploits, which occur when an attacker can compromise a system through a known vulnerability for which no patch or fix exists.
* Cloud computing Internet-based security threats. Many applications call for forced encryption to access “in the cloud” services. As cloud computing becomes more popular, security will be an issue. “Cloud” is a metaphor for the Internet.
* Cyberespionage. Most incidents so far have involved government bodies and agencies, and haven’t been a threat to individual organizations. But because cyberespionage has large implications for government, it must be closely monitored.
In most cases, companies will have to implement new technology to prepare for threats. CUNA Strategic Services will offer a webinar, “Detect and Protect: Resolve to Fight Cyber Threats in 2010,” Jan. 27 at 1 p.m. CST. It features a panel of security experts, including Perimeter.