Experts Predict Bad Year Ahead for Cyber-crime, Cyber-terrorism

According to information released by Risk Bloggers, security and risk management experts around the world predict information security events will occur in 2007, with sophisticated criminal groups increasingly exploiting technology to keep one step ahead of consumer and corporate defenses, resulting in unprecedented losses.

Some key vulnerabilities cited were large groups of zombie computers organized into Botnets, web server security holes and uncontrolled mobile devices, such as portable storage and smart phones.

"Attack methodologies will become dramatically more sophisticated and dangerous," said Dave Cullinane, Chief Information Security Officer and co-founder of the Alliance for Enterprise Security Risk Management. "The risk of cyber-terrorism will continue to increase as world tensions increase. Lack of preparation and plans to deal with the consequences place countries and businesses at significant risk."

Security expert and best-selling author Ira Winkler feels these attacks will often use Botnets. "Botnets will create the largest losses and potentially large scale Internet outages. Botnets enable spam, spim, phishing attacks, distributed denial of service attacks, extortion, etc. The attacks result in billions of dollars of thefts, millions of dollars of extortion, and billions of dollars in productivity loss."

The experts also cited a related threat, the web browser security problem. The Chief Technology Officer of Atlanta-based security company SPI Dynamics, Caleb Sima, stated that web tools that are used by software developers are the key enabler for these hackers. He adds that in 2007, "The security of the web application becomes the #1 concentration of security teams."

Joel Scambray, Chief Strategy Officer of Leviathan Security and noted author, says that, in addition, corporations are increasingly losing control of their own networks: "...applications and data continue to perforate everything (inbound and out) and mobility proliferates beyond anything we've yet imagined."

Of the experts interviewed, none expect any significant action by the government to address these issues this year, and some felt that businesses do not have a basic understanding of how important information security and the Chief Information Security Officer (CISO) are in dealing with these threats. According to Scambray, CISO job security is tenuous, and he says to "expect more churn as exec management continues to struggle with how to integrate security as a business imperative rather than a bolt-on."

From a business point of view, the information security industry may break out of its many-year drought of initial public offerings (IPOs). Asheem Chandna, a partner with a leading venture capital firm, Greylock Partners, says, "It has been many years since we have seen any security companies go public. We will see 3+ security company IPOs on Nasdaq in 2007. The security sector will remain over funded, though we will see a decline of new venture dollars into the security sector in 2007. 2007 will continue to be an active year for security M&A (mergers and acquisitions)."

To view the full feature, "Ready or Not, Here Comes 2007," visit http://www.riskbloggers.com/jimreavis/2007/01/ready-or-not-here-comes-2007
