Internet Security Predictions for 2011: The Shape of Things to Come

1. Critical Infrastructure To Be Increasingly Targeted By Cyber Threats, but Governments Will Be Slow to React

2

Critical Infrastructure To Be Increasingly Targeted By Cyber Threats, but Governments Will Be Slow to React

• Stuxnet – a computer virus designed to modify the behavior of hardware systems to create a physical, real-world impact – has opened Pandora’s Box. Additional attacks targeting critical infrastructure will occur in 2011.

• A high level of awareness among critical infrastructure providers of the new class of threats that exist will push these providers to move forward with cybersecurity precautions in 2011.

• Given the recent widespread changeover in the U.S. Congress after November’s elections, it is unlikely that we will see much movement in this regard from the government this year. Critical Infrastructure Protection legislation and government initiatives in other countries also face challenges.

3

2. Cyber Attacks to Become More Frequent, More Targeted and More Impactful

4

Cyber Attacks to Become More Frequent, More Targeted and More Impactful

• Last January Hydraq, a.k.a Aurora, provided a high-profile example of a growing class of highly targeted threats that seek to infiltrate either specific organizations or a particular type of computer system. These attacks take advantage of previously unknown software vulnerabilities and are also known as “Zero-day vulnerabilities” because they occur a day before (the “zeroth” day) developers are aware of them. As these targeted threats gain momentum in 2011, we will witness more zero-day vulnerabilities coming to light in the next 12 months than in any other previous year.

• Since no one but the bad guys are aware of these security “holes” prior to the attack, using zero-day vulnerabilities is an effective means to improve an attacker’s odds that the targeted device(s) or computer(s) will be largely defenseless against their assault.

• In 2009 Symantec observed a total of 12 of these zero-day vulnerabilities. As of early November 2010, Symantec has already tracked 18 previously unknown security vulnerabilities. Nearly half of these – possibly more – have been used by targeted threats such as Stuxnet, Hydraq, Sykipot and Pirpi.

5

3. Adoption of Smartphones Blur the Line Between Business and Personal

6

Adoption of Smartphones Blur the Line Between Business and Personal

• Gartner Research predicts that, by year’s end, 1.2 billion people will be using mobile phones capable of rich Web connectivity. In 2011, businesses will have to adopt new security models to keep the sensitive data on (and accessible through) these devices safe.

• Increasingly, the same mobile devices are being used for both personal and business use. This creates complex security and management challenges for three key groups: Consumers, Information Technology (IT) organizations, and communication service providers.

• As devices grow more sophisticated and their adoption more prolific, it is inevitable that attackers will home in on mobile devices and that they will become a leading source of confidential data loss.

• Research by Mocana, a security software company that delivers comprehensive protection for “smart” devices, indicates attacks against smart mobile devices already require (or will require by year’s end) the regular attention of IT staff for 65 percent of organizations surveyed. In 2011, businesses will have to address this issue by adopting new security solutions that will work seamlessly across multiple platforms and devices.

7

4. New Laws Lead Businesses to Adopt Better SecurityMitigation

8

New Laws Lead Businesses to Adopt Better Security

• The explosion of mobile devices not only means organizations will face new challenges in keeping these devices and the sensitive data on them safe; they also must comply with a veritable alphabet soup of regulatory compliance standards.

• The Ponemon Institute’s 2010 Annual Study: U.S. Enterprise Encryption Trends study revealed that, for the first time, regulatory compliance has surpassed data breach mitigation as the top reason why organizations deploy encryption technologies (Technologies which allow you to scramble data into an unreadable form to ensure privacy).

• Despite regulations, many organizations still do not disclose when mobile devices containing sensitive data are lost. In fact, employees do not always report these lost devices to their organizations. This year, we expect regulators will start cracking down on this issue.

• In 2011, we will see organizations across the board take a more proactive approach to data protection with the adoption of encryption technology in order to meet compliance standards and avoid the heavy fines, and damage to their brands, that a data breach can cause.

9

5. Politically Motivated Cyber Warfare to Increase

10

Politically Motivated Cyber Warfare to Increase

• A recent Symantec study found that more than half of all firms surveyed said they suspected, or were pretty sure, that they had experienced an attack waged with a specific political goal in mind.

• In the past, politically motivated attacks primarily fell in the realm of cyber espionage or denial of service-type attacks against Web services (where a large group of computers under the control of a cybercriminal simultaneously are made to visit a particular website, causing it to crash). However, Stuxnet has opened Pandora’s Box. Expect to see these threats move beyond spy games and annoyances as online threats become “weaponized,” with the goal to cause real-world damage.

• Symantec thinks Stuxnet is possibly just the first highly visible indication of attempts at what some might call “cyber warfare” that have been happening for some time now. In 2011, more indications of the ongoing pursuit to control the digital arms race will come to light.

11

Thank you!

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Thank you!

12

To read more about these trend predictions, please visit:

http://www.symantec.com/connect/blogs/internet-security-predictions-2011-shape-things-come?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2010Nov_EOYcampaign