> SECURITY > Security Consulting & Integration >
A+ A-

5 key challenges for future security
Mobility, Cloud Computing, m-payments, social networking and virtual worlds... where will the new threats come from?

A quick tour of some issues that will becoming increasingly important in the future.

The threats that weigh down on information systems are constantly evolving... No-one really knows where tomorrow’s cyber-pirates will focus their attacks, but the latest studies throw light on hundreds of imminent dangers. Here is a rapid snapshot of some of them:

  • Already, virtual worlds and social networks are everywhere, and so far they have not stopped evolving... or tempting Net pirates to a greater and greater extent. Just by way of example, every day the transactions carried out on Second Life represent over a million US$! Inevitably, that is going to attract greedy people… What is more, Web 2.0 makes it much easier than before to incorporate malicious code into the pages people visit. Attacks will be increasingly carefully targeted, with the aim of stealing people’s identities and transferring financial assets from the virtual world to the real one…
  • By the end of 2008, the human race will own four billion mobile phones! The mind boggles at this figure, and inevitably it will attract some ‘crooks’. At the same time, eve though attack software that results in denial of service already exists ‘in the lab’, it is less likely that it will become widespread. Today’s hackers are driven more by greed than a desire for celebrity! But banks are beginning to offer services (such as payments, transaction validation, etc.) via mobile networks – so the phone acts as the terminal, with its operating system, its applications and its own weaknesses… The market for mobile payments (or ‘m-payment’) is still in its infancy, but should promise a great future…
  • At the moment, there is no limit in sight to mobility! Portable computers are constantly taking a larger share of the market – not to mention ‘smartphones’ and other intelligent mobile devices. In fact, the mobile user is increasingly well connected, and is becoming a sought-after target. Nowadays, when you pick up a ‘mobile’ device, you have access to the whole information system, with all the attendant privileges…  Usually, it is mobile users who are given the most extensive access within the enterprise. As a result, here too, all kinds of crooks and thieves (not just organized criminal gangs, but sometimes also competitors, even government agencies…) are looking for ‘openings’ to access the organization’s critical or confidential information
  • In the wake of the distributed computing revolution, the vision of re-centralization is coming back into view, with ‘Cloud Computing’, software-as-a-service (SAAS), ‘Software+Services’… delivering computing on demand just as simply as water or electricity. This is a major step forward. Just so long as the ‘computing power plants’ of the future do not become ideal targets for hackers or terrorists... In 2008, a simple power failure cut off access to business data stored on Amazon EC2 for thousands of companies. You can just imagine the economic impact of a concerted, large-scale attack…
  • And finally, let us briefly explore more ‘exotic’ threats that might nevertheless pose real problems to organizations, even society as a whole. For example, rigging of voting machines or modification of traffic information for GPS systems… On this last point, just imagine a vehicle fleet, managed using GPS, with drivers who think they are ‘on the right route’, but who in fact have been diverted right into the path of an actual robbery... Or a hijacker sending a false GPS signal to a plane in mid flight, to display an incorrect position and time. Which could drive two aircraft into a mid-air collision!... The techniques to do this already exist, even though they remain almost inaccessible to anyone and everyone…

There is no limit to human imagination – for better or for worse – and that includes crooks and hijackers… Which is why it has never been so vital to carry on identifying the risks, implementing an appropriate level of protection depending on the relevant business processes, and keep watch, constantly, resolutely... keep watch for what may be around the corner...

Retour haut de page
Print page.Send page.Share on Facebook.Share on Linkedin.Share on Viadeo.Share on Technorati.Share on Digg.Share on Delicious.Bookmark this page on Google.Share on Windows Live.Share on Twitter.
A security regime to liberate your organization

Go on the offensive, and guarantee trust >
More info
By Hassan Maad, General Manager, Bull Evidian