Some things never change: Part One

In Information Security ByTeam Acumin / 19th January 2012

The New Year doesn’t necessarily mean change. It becomes accepted wisdom that once the seconds begin ticking away past midnight on January 1st, things are suddenly different. That the world changes. That we change. If you really look at it hard it’s just a symbolic act. Time, as we know, is relative. Nothing is absolute and some things never do change.

We were thinking about this, back in the office after a well-earned break – though security professionals will know that in our industry we find it hard to switch off our respective gadgets full stop, let alone for Christmas. In particular, the topic of conversation was the continuing persistence of security threats to the information security & risk management sector.

Now, although this is an area we would like to see undergo dramatic change, namely a reduction in the amount of illicit behaviour that goes on – the eradication of it being wishful thinking perhaps – the sad truth is that security threats, on a huge scale, will continue to pose a challenge to everyone.

Hence the importance of what people like yourself do – be that working in government & compliance, in cyber security, or as an ethical hacker. Our work is inherently valuable to the fabric of society, to a degree that is not that well understood. Like Batman, we don’t do what we do for the applause (though respect from our peers is always welcome). We do it because we believe in our work.

So, what should we be looking out for in 2012? A simple glance backwards helps identify three continuing strands: drive-by downloads, mobile malware and shopping security. With the latter, it’s the authenticity of fraudulent websites that was and will continue to be a big problem. Bogus shopping sites look the part.

With regards to mobile malware, smartphones and tablets, the fashionable choice these days, are open to attacks not necessarily because of the lack of protection out there, but because many consumers are one) not so au fait with security systems, two) unaware of how open their devices are to corruption and three) having quite a nonchalant attitude to all.

Drive-by downloads, a somewhat exotic catchphrase, saw a sizeable increase in 2011. It can occur in three ways – downloaded by a user but without full knowledge as to what the implications are; downloaded without any knowledge; and the download of a virus, again without knowledge. Once downloaded, a website is “hijacked” and users susceptible to being targeted. This is one to watch out for in particular this year.

Part two will follow soon, but in the meantime, think about your own experiences as to what you saw over the course of the last 12 months and how that was similar and dissimilar to the previous year and the one before that. Post a comment below and we’ll see what trends we can identify. Some things never change, but then again, the world is full of surprises. Humans are always capable of producing new concepts, ideas and software…good and bad.