SlideShare une entreprise Scribd logo
1  sur  20
Télécharger pour lire hors ligne
12 SECURITY PREDICTIONS FOR 2012
This time every year, I sit down with my research teams
and we talk about what we think the coming year will hold
in terms of threats to our customers. It’s an important
discussion that helps us not only share with you what we
think you need to be prepared for, but also to help guide our
direction as we continue to build products and services to
help protect you from these threats.
This year, as we look ahead, we’ve come up with
12 predictions for 2012 that fall into four main categories:
   • Big IT trends
   • Mobile landscape
   • Threat landscape
   • Data leaks and breaches
In looking at these predictions, what we see in common are
trends toward ever more sophisticated attackers and away
from the PC-centric desktop. Our hope that new OSs make
the world a safer place didn’t work out. This means that our
customers in 2012 will need to continue moving toward a
more data-centric model for effective security and privacy
as they embrace consumerization, virtualization, and the
cloud. And we here at Trend Micro need to continue our
work in these key areas to help enable our customers to
meet and protect against these threat trends in 2012.
At Trend Micro, we are always
working to understand not just the
threats of today, but also the trends
of tomorrow; it’s in our company
name. That helps us to help you
better protect your data and assets.
I hope that you find this year’s
predictions to be not only interesting,
but helpful in making 2012 a safe and
secure year.




                    Raimund Genes
                    CTO, Trend Micro
BIG
IT
TRENDS
Though many
    organizations are still
    uncomfortable with
    consumerization, security
1   and data breach incidents in 2012 will
    force them to face BYOD-related challenges.
    The Bring-Your-Own-Device (BYOD) Era is here to stay. As more and more
    corporate data is stored or accessed by devices that are not fully controlled
    by IT administrators, the likelihood of data loss incidents that are directly
    attributable to the use of improperly secured personal devices will rise. We will
    definitely see incidents of this nature in 2012.
The real challenge for
    data center owners will be dealing
    with the increasing complexities of securing
    physical, virtual, and cloud-based systems.
2   While attacks specifically targeting virtual machines (VMs) and cloud
    computing services remain a possibility, attackers will find no immediate need
    to resort to these because conventional attacks will remain effective in these
    new environments. Virtual and cloud platforms are just as easy to attack but
    more difficult to protect. The burden will thus fall on IT administrators who
    have to secure their company’s critical data as they adopt these technologies.
    Patching a big array of virtualized servers is a challenge, allowing hackers to
    hijack servers, to fork traffic, and/or to steal data from vulnerable systems.
MOBILE
LANDSCAPE
Smartphone and tablet
    platforms, especially
3   Android, will suffer from
    more cybercriminal attacks.
    As smartphone usage continues to grow worldwide, mobile platforms will
    become even more tempting cybercriminal targets. The Android platform,
    in particular, has become a favorite attack target due to its app distribution
    model, which makes it completely open to all parties. We believe this will
    continue in 2012 although other platforms will also come under fire.
Security vulnerabilities
    will be found in legitimate
4   mobile apps, making data
    extraction easier for cybercriminals.
    To date, mobile platform threats come in the form of malicious apps. Moving
    forward, we expect cybercriminals to go after legitimate apps as well. They
    will likely find either vulnerabilities or coding errors that can lead to user data
    theft or exposure. Compounding this further is the fact that very few app
    developers have a mature vulnerability handling and remediation process,
    which means the window of exposure for these flaws may be longer.
THREAT
LANDSCAPE
5   Even though botnets will become smaller,
    they will grow in number, making effective law
    enforcement takedowns more difficult to realize.
    Botnets, the traditional cybercrime tool, will evolve in response to actions
    taken by the security industry. The days of massive botnets may be over.
    These may be replaced by more, albeit smaller but more manageable, botnets.
    Smaller botnets will reduce risks to cybercriminals by ensuring that the loss of
    a single botnet will not be as keenly felt as before.
Hackers will eye
    nontraditional targets so
    flawed Internet-connected equipment,
    ranging from SCADA-controlled heavy
6   industrial machinery to medical gadgets,
    will come under attack.
    Attacks targeting supervisory control and data acquisition (SCADA) systems
    as well as other equipment accessible via networks will intensify in 2012 as
    certain threat actors go beyond stealing money and valuable data. STUXNET
    and other threats in 2011 highlighted how SCADA has become an active target.
    Proof-of-concept (POC) attacks against network-connected systems, including
    medical equipment, are expected to ensue.
7
    Cybercriminals will find more creative
    ways to hide from law enforcement.
    Cybercriminals will increasingly try to profit by abusing legitimate online
    revenue sources such as online advertising. This will help them hide from the
    eyes of both law enforcement and antifraud watchdogs hired by banks and
    other financial agencies.
DATA
LEAKS AND
BREACHES
More hacker groups will pose a bigger threat to
8   organizations that protect highly sensitive data.
    Online groups such as Anonymous and LulzSec rose to prominence in 2011,
    targeting companies and individuals for various political reasons. These
    groups are likely to become even more motivated in 2012. They will become
    more skilled both at penetrating organizations and at avoiding detection by
    IT professionals and law enforcement agencies. Organizations will have to
    deal with this new threat and to increase their efforts to protect vital
    corporate information.
The new social networking generation will
9   redefine “privacy.”
    Confidential user information is ending up online, thanks in large part to users
    themselves. The new generation of young social networkers have a different
    attitude toward protecting and sharing information. They are more likely to
    reveal personal data to other parties such as in social networking sites. They
    are also unlikely to take steps to keep information restricted to specific groups
    such as their friends. In a few years, privacy-conscious people will become the
    minority—an ideal prospect for attackers.
As social engineering becomes mainstream,
     SMBs will become easy targets.
10   To date, the craftiest social engineering ploys have been directed against large
     enterprises. However, cybercriminals are now so adept at social engineering
     that the effort to target companies individually—big or small—is becoming less
     costly. This and the greater volume of personal information available online
     will allow cybercriminals to launch more customized and fine-tuned attacks
     against small and medium-sized businesses (SMBs). As in previous attacks
     against SMBs, cybercriminals will continue focusing on gaining access to
     companies’ online banking accounts.
11   New threat actors will use sophisticated cybercrime
     tools to achieve their own ends.
     Targeted attacks will continue to grow in number in 2012. Cybercriminals will
     not be the only ones using these attacks, however. As the effectiveness of
     advanced persistent threats (APTs) becomes more obvious, other parties such
     as activist groups, corporations, and governments will find themselves using
     similar cybercrime tools and tactics to achieve their goals.
12 More high-profile datainfection
   incidents via malware
                          loss
    and hacking will occur in 2012.
    High-profile attacks will continue to hit major organizations in 2012. Important
    and critical company data will be extracted through malware infection and
    hacking. As a result, significant data loss incidents will ensue, potentially
    affecting thousands of users and their personal information. These incidents
    can result in significant direct and indirect losses to concerned parties.
TREND MICRO™

Trend Micro Incorporated, a global cloud security leader, creates a world safe                  TREND MICRO INC.
for exchanging digital information with its Internet content security and threat                10101 N. De Anza Blvd.
management solutions for businesses and consumers. A pioneer in server                          Cupertino, CA 95014
security with over 20 years of experience, we deliver top-ranked client, server,
and cloud-based security that fits our customers’ and partners’ needs, stops new                US toll free: 1 +800.228.5651
threats faster, and protects data in physical, virtualized, and cloud environments.             Phone: 1 +408.257.1500
Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our                       Fax: 1 +408.257.2003
industry-leading cloud-computing security technology, products, and services
                                                                                                www.trendmicro.com
stop threats where they emerge, on the Internet, and are supported by
1,000+ threat intelligence experts around the globe. For additional information,
visit www.trendmicro.com.


                                                      ©2011 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the
                                                      Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro,
                                                      Incorporated. All other product or company names may be trademarks or
                                                      registered trademarks of their owners.

Contenu connexe

Tendances

Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014- Mark - Fullbright
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity reportKevin Leffew
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity PredictionsMatthew Rosenquist
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Qrator Labs
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineRapidSSLOnline.com
 
Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs
 
Cyber security master class 2018
Cyber security master class 2018Cyber security master class 2018
Cyber security master class 2018Sanjana Khound
 
Cyber Security Whitepaper 2018 | vTech Solution
Cyber Security Whitepaper 2018 | vTech SolutionCyber Security Whitepaper 2018 | vTech Solution
Cyber Security Whitepaper 2018 | vTech SolutionSimrat Singh
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportSymantec
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Javier Gonzalez
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3NTT Innovation Institute Inc.
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019- Mark - Fullbright
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed07 20251 latest trends, challenges ed
07 20251 latest trends, challenges edIAESIJEECS
 
IMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignIMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignStephanie Holman
 
NACM eNews Article dated May 19 2016
NACM eNews Article dated May 19 2016NACM eNews Article dated May 19 2016
NACM eNews Article dated May 19 2016Sam Smith
 

Tendances (19)

Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity report
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity Predictions
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnline
 
Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs annual report 2017
Qrator Labs annual report 2017
 
Cyber security master class 2018
Cyber security master class 2018Cyber security master class 2018
Cyber security master class 2018
 
B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-us
 
Cyber Security Whitepaper 2018 | vTech Solution
Cyber Security Whitepaper 2018 | vTech SolutionCyber Security Whitepaper 2018 | vTech Solution
Cyber Security Whitepaper 2018 | vTech Solution
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government Sector
 
07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed
 
IMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignIMC 618 - Public Relations Campaign
IMC 618 - Public Relations Campaign
 
NACM eNews Article dated May 19 2016
NACM eNews Article dated May 19 2016NACM eNews Article dated May 19 2016
NACM eNews Article dated May 19 2016
 

En vedette

مستجدات
مستجداتمستجدات
مستجداتhea7-3
 
presentation e-commerce and e-security- عرض التجارة الالكترونية و حماية خصوصيتي
presentation e-commerce and e-security- عرض التجارة الالكترونية و حماية خصوصيتي presentation e-commerce and e-security- عرض التجارة الالكترونية و حماية خصوصيتي
presentation e-commerce and e-security- عرض التجارة الالكترونية و حماية خصوصيتي Muneera Salah
 
الإعلام الالكتروني وسيلة لبناء العلاقات
الإعلام الالكتروني وسيلة لبناء العلاقاتالإعلام الالكتروني وسيلة لبناء العلاقات
الإعلام الالكتروني وسيلة لبناء العلاقاتMazen AlDarrab
 
العرض التقديمي اسلام البرنس
العرض التقديمي اسلام البرنسالعرض التقديمي اسلام البرنس
العرض التقديمي اسلام البرنسBahaaeldin Mohamed
 
Privacy and Media Ethics
Privacy and Media EthicsPrivacy and Media Ethics
Privacy and Media EthicsEisa Al Nashmi
 
اقوى عرض فى الصيف مع شركة
اقوى عرض فى الصيف مع شركةاقوى عرض فى الصيف مع شركة
اقوى عرض فى الصيف مع شركةSheho Echo
 
IT Department - E-Commerce Business v3
IT Department - E-Commerce Business v3IT Department - E-Commerce Business v3
IT Department - E-Commerce Business v3dabai
 
8 طرق لحماية حسابك على اللينكدإن - LinkedIn
8 طرق لحماية حسابك على اللينكدإن - LinkedIn8 طرق لحماية حسابك على اللينكدإن - LinkedIn
8 طرق لحماية حسابك على اللينكدإن - LinkedInAlaa Almasri
 

En vedette (9)

مستجدات
مستجداتمستجدات
مستجدات
 
E-LIS Webinar in Arabic
E-LIS Webinar in ArabicE-LIS Webinar in Arabic
E-LIS Webinar in Arabic
 
presentation e-commerce and e-security- عرض التجارة الالكترونية و حماية خصوصيتي
presentation e-commerce and e-security- عرض التجارة الالكترونية و حماية خصوصيتي presentation e-commerce and e-security- عرض التجارة الالكترونية و حماية خصوصيتي
presentation e-commerce and e-security- عرض التجارة الالكترونية و حماية خصوصيتي
 
الإعلام الالكتروني وسيلة لبناء العلاقات
الإعلام الالكتروني وسيلة لبناء العلاقاتالإعلام الالكتروني وسيلة لبناء العلاقات
الإعلام الالكتروني وسيلة لبناء العلاقات
 
العرض التقديمي اسلام البرنس
العرض التقديمي اسلام البرنسالعرض التقديمي اسلام البرنس
العرض التقديمي اسلام البرنس
 
Privacy and Media Ethics
Privacy and Media EthicsPrivacy and Media Ethics
Privacy and Media Ethics
 
اقوى عرض فى الصيف مع شركة
اقوى عرض فى الصيف مع شركةاقوى عرض فى الصيف مع شركة
اقوى عرض فى الصيف مع شركة
 
IT Department - E-Commerce Business v3
IT Department - E-Commerce Business v3IT Department - E-Commerce Business v3
IT Department - E-Commerce Business v3
 
8 طرق لحماية حسابك على اللينكدإن - LinkedIn
8 طرق لحماية حسابك على اللينكدإن - LinkedIn8 طرق لحماية حسابك على اللينكدإن - LinkedIn
8 طرق لحماية حسابك على اللينكدإن - LinkedIn
 

Similaire à 12 security predictions for 2012

What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...Symantec
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfBrafton
 
Cybersecurity Trends 2018: The costs of connection
Cybersecurity Trends 2018: The costs of connectionCybersecurity Trends 2018: The costs of connection
Cybersecurity Trends 2018: The costs of connectionESET Middle East
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Brian Metzger
 
Nominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security ReportNominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security ReportYuriy Yuzifovich
 
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdfRakeshPatel583282
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015RapidSSLOnline.com
 
Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Graeme Cross
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemBernard Marr
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationMaaz Ahmed Shaikh
 
Internet security threat report 2013
Internet security threat report 2013Internet security threat report 2013
Internet security threat report 2013Karim Shaikh
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondAPNIC
 
Nearly 80 billion dollars were spent in 2016 to fight cybercrime
Nearly 80 billion dollars were spent in 2016 to fight cybercrimeNearly 80 billion dollars were spent in 2016 to fight cybercrime
Nearly 80 billion dollars were spent in 2016 to fight cybercrimeprcircle
 

Similaire à 12 security predictions for 2012 (20)

What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdf
 
Cybersecurity Trends 2018: The costs of connection
Cybersecurity Trends 2018: The costs of connectionCybersecurity Trends 2018: The costs of connection
Cybersecurity Trends 2018: The costs of connection
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017
 
Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016
 
Nominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security ReportNominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security Report
 
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015
 
Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Aon Cyber Newsletter v10
Aon Cyber Newsletter v10
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and Mitigation
 
Internet security threat report 2013
Internet security threat report 2013Internet security threat report 2013
Internet security threat report 2013
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
 
Nearly 80 billion dollars were spent in 2016 to fight cybercrime
Nearly 80 billion dollars were spent in 2016 to fight cybercrimeNearly 80 billion dollars were spent in 2016 to fight cybercrime
Nearly 80 billion dollars were spent in 2016 to fight cybercrime
 

Dernier

KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 

Dernier (20)

KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 

12 security predictions for 2012

  • 2. This time every year, I sit down with my research teams and we talk about what we think the coming year will hold in terms of threats to our customers. It’s an important discussion that helps us not only share with you what we think you need to be prepared for, but also to help guide our direction as we continue to build products and services to help protect you from these threats. This year, as we look ahead, we’ve come up with 12 predictions for 2012 that fall into four main categories: • Big IT trends • Mobile landscape • Threat landscape • Data leaks and breaches In looking at these predictions, what we see in common are trends toward ever more sophisticated attackers and away from the PC-centric desktop. Our hope that new OSs make the world a safer place didn’t work out. This means that our customers in 2012 will need to continue moving toward a more data-centric model for effective security and privacy as they embrace consumerization, virtualization, and the cloud. And we here at Trend Micro need to continue our work in these key areas to help enable our customers to meet and protect against these threat trends in 2012.
  • 3. At Trend Micro, we are always working to understand not just the threats of today, but also the trends of tomorrow; it’s in our company name. That helps us to help you better protect your data and assets. I hope that you find this year’s predictions to be not only interesting, but helpful in making 2012 a safe and secure year. Raimund Genes CTO, Trend Micro
  • 5. Though many organizations are still uncomfortable with consumerization, security 1 and data breach incidents in 2012 will force them to face BYOD-related challenges. The Bring-Your-Own-Device (BYOD) Era is here to stay. As more and more corporate data is stored or accessed by devices that are not fully controlled by IT administrators, the likelihood of data loss incidents that are directly attributable to the use of improperly secured personal devices will rise. We will definitely see incidents of this nature in 2012.
  • 6. The real challenge for data center owners will be dealing with the increasing complexities of securing physical, virtual, and cloud-based systems. 2 While attacks specifically targeting virtual machines (VMs) and cloud computing services remain a possibility, attackers will find no immediate need to resort to these because conventional attacks will remain effective in these new environments. Virtual and cloud platforms are just as easy to attack but more difficult to protect. The burden will thus fall on IT administrators who have to secure their company’s critical data as they adopt these technologies. Patching a big array of virtualized servers is a challenge, allowing hackers to hijack servers, to fork traffic, and/or to steal data from vulnerable systems.
  • 8. Smartphone and tablet platforms, especially 3 Android, will suffer from more cybercriminal attacks. As smartphone usage continues to grow worldwide, mobile platforms will become even more tempting cybercriminal targets. The Android platform, in particular, has become a favorite attack target due to its app distribution model, which makes it completely open to all parties. We believe this will continue in 2012 although other platforms will also come under fire.
  • 9. Security vulnerabilities will be found in legitimate 4 mobile apps, making data extraction easier for cybercriminals. To date, mobile platform threats come in the form of malicious apps. Moving forward, we expect cybercriminals to go after legitimate apps as well. They will likely find either vulnerabilities or coding errors that can lead to user data theft or exposure. Compounding this further is the fact that very few app developers have a mature vulnerability handling and remediation process, which means the window of exposure for these flaws may be longer.
  • 11. 5 Even though botnets will become smaller, they will grow in number, making effective law enforcement takedowns more difficult to realize. Botnets, the traditional cybercrime tool, will evolve in response to actions taken by the security industry. The days of massive botnets may be over. These may be replaced by more, albeit smaller but more manageable, botnets. Smaller botnets will reduce risks to cybercriminals by ensuring that the loss of a single botnet will not be as keenly felt as before.
  • 12. Hackers will eye nontraditional targets so flawed Internet-connected equipment, ranging from SCADA-controlled heavy 6 industrial machinery to medical gadgets, will come under attack. Attacks targeting supervisory control and data acquisition (SCADA) systems as well as other equipment accessible via networks will intensify in 2012 as certain threat actors go beyond stealing money and valuable data. STUXNET and other threats in 2011 highlighted how SCADA has become an active target. Proof-of-concept (POC) attacks against network-connected systems, including medical equipment, are expected to ensue.
  • 13. 7 Cybercriminals will find more creative ways to hide from law enforcement. Cybercriminals will increasingly try to profit by abusing legitimate online revenue sources such as online advertising. This will help them hide from the eyes of both law enforcement and antifraud watchdogs hired by banks and other financial agencies.
  • 15. More hacker groups will pose a bigger threat to 8 organizations that protect highly sensitive data. Online groups such as Anonymous and LulzSec rose to prominence in 2011, targeting companies and individuals for various political reasons. These groups are likely to become even more motivated in 2012. They will become more skilled both at penetrating organizations and at avoiding detection by IT professionals and law enforcement agencies. Organizations will have to deal with this new threat and to increase their efforts to protect vital corporate information.
  • 16. The new social networking generation will 9 redefine “privacy.” Confidential user information is ending up online, thanks in large part to users themselves. The new generation of young social networkers have a different attitude toward protecting and sharing information. They are more likely to reveal personal data to other parties such as in social networking sites. They are also unlikely to take steps to keep information restricted to specific groups such as their friends. In a few years, privacy-conscious people will become the minority—an ideal prospect for attackers.
  • 17. As social engineering becomes mainstream, SMBs will become easy targets. 10 To date, the craftiest social engineering ploys have been directed against large enterprises. However, cybercriminals are now so adept at social engineering that the effort to target companies individually—big or small—is becoming less costly. This and the greater volume of personal information available online will allow cybercriminals to launch more customized and fine-tuned attacks against small and medium-sized businesses (SMBs). As in previous attacks against SMBs, cybercriminals will continue focusing on gaining access to companies’ online banking accounts.
  • 18. 11 New threat actors will use sophisticated cybercrime tools to achieve their own ends. Targeted attacks will continue to grow in number in 2012. Cybercriminals will not be the only ones using these attacks, however. As the effectiveness of advanced persistent threats (APTs) becomes more obvious, other parties such as activist groups, corporations, and governments will find themselves using similar cybercrime tools and tactics to achieve their goals.
  • 19. 12 More high-profile datainfection incidents via malware loss and hacking will occur in 2012. High-profile attacks will continue to hit major organizations in 2012. Important and critical company data will be extracted through malware infection and hacking. As a result, significant data loss incidents will ensue, potentially affecting thousands of users and their personal information. These incidents can result in significant direct and indirect losses to concerned parties.
  • 20. TREND MICRO™ Trend Micro Incorporated, a global cloud security leader, creates a world safe TREND MICRO INC. for exchanging digital information with its Internet content security and threat 10101 N. De Anza Blvd. management solutions for businesses and consumers. A pioneer in server Cupertino, CA 95014 security with over 20 years of experience, we deliver top-ranked client, server, and cloud-based security that fits our customers’ and partners’ needs, stops new US toll free: 1 +800.228.5651 threats faster, and protects data in physical, virtualized, and cloud environments. Phone: 1 +408.257.1500 Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our Fax: 1 +408.257.2003 industry-leading cloud-computing security technology, products, and services www.trendmicro.com stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. ©2011 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.