Top Five Security Threats to Monitor

Friday, February 25, 2011



Aarij M. Khan of ArcSight (an HP company) has compiled his top five threats for enterprise security professionals to monitor.

Khan warns of an exponential increase in the sophistication and proliferation of information security threats targeting multiple vulnerabilities.

One of the biggest problems Khan notes is the inability of targeted entities to produce accurate information pertaining to attack attribution and the extent of the infiltrations.

Khan cites a report by the Identity Theft Resource Centre which stated that out of the 662 registered breaches, forty percent of targets could not identify the origin of the attacks.

Highlights of Khan's top five list are as follows:

1. Traditional malware: Traditional malware will remain the primary mechanism of distributing software to computers on the internet... Recent numbers from McAfee indicate roughly 55,000 new malware pieces identified every day, which continues the exponential growth pattern into 2010. This trend will only continue...

2. Shift to advanced persistent threat (APT): Oftentimes described as Advanced Persistent Threat (APT), these attacks are designed to infiltrate an organisation, hop the firewall and acquire a target. Once the software gets behind the firewall, it hops around the organisation investigating and gathering information about the internal system... It can be weeks or months before an organisation detects that it is under attack...

3. Focus on finance, hospitality and retail: As data from the 2010 data breach report issued by the Verizon RISK team and the U.S. Secret Service shows, these three industries combined currently represent 71% of all data breaches...

4. Mobile devices increase vulnerabilities: Seven out of ten companies still don’t have explicit policies outlining which devices can be logged on to the network or on working in public places, as reported in the 2010 Visual Data Breach Risk Assessment Study commissioned by 3M...

5. Hactivism as a new type of threat: The most visible example of hactivism were the recent attacks by Anonymous, a group that targeted MasterCard, Visa and PayPal after those companies cut off financial services to WikiLeaks. We may see more of these types of attack by groups representing political and environmental organisations...

For more details on the listed threats, see Khan's article at ComputerWorldUK:


Possibly Related Articles:
malware Mobile Devices Advanced Persistent Threats Headlines Threats Hacktivist Identity Theft Resource Center
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.