News

Predictions 2009: Paul Ducklin of Sophos

Paul Ducklin

Paul Ducklin, Sophos' Head of Technology, Asia Pacific, offers his predictions for the security landscape in 2009:

  • Compromised, infected PCs (bots), both at home and at work, will continue to remain the primary source of spam. With many botnets adopting a decentralised, peer-to-peer style of operation, quick wins such as the success of taking down the botnet command-and-control centres hosted by provider McColo.com will become harder to arrange.

  • Web insecurity, notably weakness against automated remote attacks such as SQL injections, will continue to be the primary way of distributing web-borne malware. Cybercriminals can then send innocent-looking spam which link to legitimate, but hacked, web pages. These hacked sites link invisibly onwards to malicious content.

  • Malicious emails will include an increasing proportion of attachments or web links to non-program (non-EXE) files. These will be legitimate-looking data files, such as DOCs and PDFs, booby-trapped with exploits against software vulnerabilities. Viewing these files, which would be harmless on a patched PC, could be invisibly disastrous on an un-patched one.

  • Data leakage will become an ever-larger concern. Many countries already have, or are on the cusp of, introducing strict disclosure laws aimed at stopping companies from sweeping security breaches under the carpet. Even a very restricted data breach, once disclosed, may affect overall trust in your products and services.

  • Identity theft will continue to adversely affect customer loyalty. Every time customers' personal information is put at risk, loyalty is jeopardised. The loyalty of customers is directly linked to a company's ability to safeguard its information. In the year ahead, companies must assure their customers that proper, thorough security measures have been taken so that the risk of a breach is minimal.

  • Computer users will continue to face challenges in securing and controlling their computers as criminals attempt to capitalise on new technology to make money and cause disruption. In addition, threats like identity theft and fraud will still be occurring far into the future because of human mistakes.

  • Controversy over the Australian Government's intention to implement mandatory internet filtering will continue. Unfortunately, this proposal will not influence the issues above, so continued vigilance will be an ongoing requirement for all internet users.