These threats are dramatically increasing security complexity. But they’re not the only issues concerning businesses. There’s also the simple mistake, or moment of carelessness by a trusted employee when handling data, which can have far-reaching consequences unless the risks are mitigated.
So what specific threats should organizations be preparing for during the coming year? And what are the implications for business IT security infrastructures? Based on our research and feedback from customers, here are Check Point’s thoughts and projections for 2011 and into 2012.
Be Web 2.0 wary
While malware, phishing attacks, Trojans and key-loggers continued to proliferate on Internet applications, the emergence of more rich-media capabilities in Web 2.0 apps and mobile devices will increase the number of drive-by-downloads and sophisticated, blended attacks.
For example, embedded videos and links in social networking pages are becoming popular spots for hackers to embed malware. The more employees that use rich media and Web 2.0 applications in an organisation, the greater the chance of unwittingly exposing the company to an attack – unless the right protection is in place.
Fitting new Windows
According to the Check Point survey mentioned earlier, 7% of organizations have already made the leap to Windows 7 and another 54% plan to migrate in the next two years. In addition, organizations are using an average of nine different vendors to secure their organization's infrastructure from the network to the endpoint, creating difficulties in security management, loss in productivity and potential security holes in between the individual products.
Businesses may find that Windows 7 migration is a good time to look at the number of security vendors’ solutions they are using and decide to consolidate endpoint security solutions. Because Windows 7 presents a clean slate for the OS, it can be a clean slate for security as well.
Virtualization security becomes real
Businesses are starting to leverage virtualization technologies as an additional layer of security defense, supplementing traditional security solutions. Examples include browser and session virtualization that segregates and secures corporate data from the Internet – allowing users the freedom to surf with full protection against drive-by-downloads, phishing attempts and malware.
Taking it with you: mobile working and consumerization
Mobile computing is no longer a trend but a way of life for most businesses. 54% of the organizations we surveyed anticipated that their remote users will increase in numbers in 2011. In part, this is driven by employees demanding remote access to business applications, data and resources – connecting from both corporate and personally-owned devices.
The majority of organizations surveyed were also concerned that growth in remote users will result in exposure to sensitive data – with security threats including unauthorized network access and user management complexity.
In 2011, attackers will identify new ways to obtain data from mobile devices, encouraging enterprises to adopt new solutions that give employees secure mobile access to the corporate network, and that work across a range of mobile devices running on Apple, Android, Symbian and Windows PC platforms.