According to reports the most serious forthcoming threats to IT security will be revealed during the Gartner Security Summit in Washington this coming week, and it looms like the consumerization of IT will be right there front of stage. Something that Gartner research fellow, John Pascatore, describes as the Gen X - Gen Y problem. In other words, the users who have grown up with a social networking model as the norm being expected to follow an old school approach to IT security which dictates what resources you can use and when and where you can use them. But with the social networking model spilling over into the enterprise, it is almost inevitable that a new generation of threats will emerge that demands a new generation of security thinking.

As Pescatore puts it “the old IT model that tells you what you can do and use is breaking.”

So what is being done to fix the problem, what are the threats that will emerge and how can you protect against them? Unsurprisingly Gartner is not revealing too much of the new security threat landscape ahead of that security summit next week, however Pescatore has given Dark Reading some clues. "Among the main threats on Gartner’s list: attacks on SaaS providers, social network subversion, and desktop utility application attacks" the security site reports.

SaaS seems to be the main focus from what I can read between the lines, with Gartner expecting attackers to "streamline their attacks on organizations" with Saas being a good example of shared application types that could be exploited in this way. “The attacker could go after Proctor & Gamble -- or salesforce.com, which P&G uses, as well as hundreds of others” Pascatore says.

Gartner is also likely to look at social network subversion, leveraging the trust angle of social networks to launch attacks while posing as a friend. Attackers have always exploited trust, so there is no real reason to assume they will exploit trust based networking mechanisms to the full after all.

135 Views
About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...