Cybercrime, the next generationFebruary 9, 2010: 10:00 AM ET
The popular platforms of today are bound to be the targets of tomorrow
By Kevin Prince, chief technology officer, Perimeter E-Security and Doug Howard, former chief strategy officer
(The following is adapted from the forthcoming book, Security 2020, scheduled to be published later this year.)
The social networking (think Facebook, LinkedIn, Twitter, MySpace) phenomenon is only going to grow. And anytime there is a system, program, or process used by millions of people, criminals look for ways to exploit it.
There have already been worms, scams, viruses, and malware targeting social-networking platforms and their users. In addition, companies have shifted from paper records to electronically stored information. This is especially true within the healthcare industry, and other industries have had similar initiatives the past few years. While these companies are getting more efficient, digitization has opened up new doors for cyber criminals to exploit. As a result, companies will see a huge upswing in the number of data breaches. We predict massive healthcare, financial and retail breaches and fraud.
We also foresee major attacks against networks that control infrastructure and utilities around the world. Some may target mobile phone towers and communications. Others may aim for emergency service communication. Still others might mark hospitals and other critical care facilities.Cyber gridlock?
We could see attacks against satellite systems, including denial of service, orbital positioning attacks and other outage-inducing actions that could do everything from disrupting television shows to paralyzing military systems. Air traffic control, electrical grid, water systems, utilities, and other mission-critical systems are all controlled by computers. The command and control of such systems would be highly prized conquests of individual hackers and cyber crime organizations alike.
More recently allegations have been made toward several nation states and their potential government sponsorship of these attacks. We will continue to find that the former Soviet Republic and China are some of the leaders in this area of cyber warfare and cyber espionage.
How can companies and governments thwart these potential breaches? As we wrote in an earlier column, crime-fighting tactics and technologies always emerge to deal with new threats. In the distant past, the job of the IT staff and information-security professional was more straightforward; they had to protect desktop computers and servers.
Today's cybercrime busters have a more complex job, fending off attacks across many networks, every device type imaginable, and within every operating system and application both on their network and those accessible on the Internet. This includes professional business applications as well as personal applications, social and communication software, and much more. It is a nearly impossible job which few are truly prepared and trained for. The most highly prized targets for criminals are:
- Systems where private or sensitive data is found or can be captured
- Systems that can be controlled that have access to private or sensitive data
- Mission-critical systems or those devices that have access to mission-critical systems.
The good guys are going to have to be vigilant on many fronts if they aim to stay ahead of digital wrongdoers.
Prince is chief technology officer of Perimeter E-Security, a Milford, Conn.-based provider of compliance and information security systems to companies of all sizes. Howard is company's the former chief strategy officer.