2006 is waning, and it's time to gear up for a new year of security threats. Where will attackers focus their efforts in 2007?
As the end of 2006 rapidly approaches, it's time to start thinking about what new security threats the new year will bring. Despite the large number of new virus, worm, and Trojan reports this year, the amount of significant virus threats shrank to near invisibility.
Meanwhile, phishing and new spam tactics—such as the use of literary quotations to get through filters—ran rampant. However, I don't consider phishing to be a major threat in the corporate setting—yet. While it is a minor problem, sensitive corporate data just isn't something likely exposed in this way.
Spam, on the other hand, is a major expense for businesses. But, despite the new approach of using literary quotes to bypass security measures, my inbox is getting less and less unsolicited e-mail. I guess that means anti-spam filters are beginning to cope—it's certainly not because spammers are reducing their efforts.
But the coast isn't clear quite yet. One thing particularly worrying is the increasing amount of video and image spam. While it's no more dangerous than regular spam, it takes up a lot more bandwidth.
You can also expect that voice over IP (VoIP) implementations will become a bigger target. Companies share a lot of corporate secrets in voice and teleconference calls, so this is a concern you need to keep an eye on. In addition, look for VoIP-related phishing schemes targeting businesses.
Identity theft will continue to grow as a threat—and not just for individuals. Corporate identity theft is also a growing concern. After all, why pick on individuals who have relatively limited assets?
And here's another potential worry: According to an Israeli security firm, PIN numbers are much more vulnerable when using ATMs than previously thought. I haven't been able to pin down the degree of the threat just yet, but it's something to keep in mind.
In addition, companies need to be aware of the indirect effects of these security threats, including how they can affect the business' bottom line. Whether it's lost productivity due to an employee's stolen identity or scams targeting employees at work that could expose the corporate network, threats to individual employees are threats to the company as a whole. That's one more reason to educate users about security threats.
Finally, one thing that likely won't pose a major threat in 2007 is Microsoft's new operating system. Sure, it may turn out to be far less secure than the Redmond giant claims. Regardless, it simply won't be a big player in corporations in 2007 because most IT managers will spend a lot of the year evaluating whether to upgrade now or later. By the time IT's ready to install Windows Vista on any large scale, we should have a pretty good handle on how secure it really is.
Apple patches multiple OS X vulnerabilities
Before you start planning for future security threats, make sure you've patched the current ones. Last week, Apple released updates for a number of known threats in the Mac OS X operating system, patching 31 vulnerabilities in the process.
The threat level for some of these vulnerabilities is critical. Threats include possible denial-of-service attacks, unauthorized system access, and information disclosure. For the appropriate update, check out the Apple Downloads Web page.
Miss a column?
Check out the IT Locksmith Archive, and catch up on the most recent editions of John McCormick's column.
Want to stay on top of the latest security updates? Automatically sign up for our free IT Locksmith newsletter, delivered each Tuesday!
John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.