0

According to reports the most serious forthcoming threats to IT security will be revealed during the Gartner Security Summit in Washington this coming week, and it looms like the consumerization of IT will be right there front of stage. Something that Gartner research fellow, John Pascatore, describes as the Gen X - Gen Y problem. In other words, the users who have grown up with a social networking model as the norm being expected to follow an old school approach to IT security which dictates what resources you can use and when and where you can use them. But with the social networking model spilling over into the enterprise, it is almost inevitable that a new generation of threats will emerge that demands a new generation of security thinking.

As Pescatore puts it “the old IT model that tells you what you can do and use is breaking.”

So what is being done to fix the problem, what are the threats that will emerge and how can you protect against them? Unsurprisingly Gartner is not revealing too much of the new security threat landscape ahead of that security summit next week, however Pescatore has given Dark Reading some clues. "Among the main threats on Gartner’s list: attacks on SaaS providers, social network subversion, and desktop utility application attacks" the security site reports.

SaaS seems to be the main focus from what I can read between the lines, with Gartner expecting attackers to "streamline their attacks on organizations" with Saas being a good example of shared application types that could be exploited in this way. “The attacker could go after Proctor & Gamble -- or salesforce.com, which P&G uses, as well as hundreds of others” Pascatore says.

Gartner is also likely to look at social network subversion, leveraging the trust angle of social networks to launch attacks while posing as a friend. Attackers have always exploited trust, so there is no real reason to assume they will exploit trust based networking mechanisms to the full after all.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

1
Contributor
0
Replies
1
Views
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.