An eye on security for 2009

So, what we can expect this year? For one thing, hackers will continue to get creative and leverage user-created content and Web 2.0 applications to create even bigger security concerns for organisations in 2009. Researchers expect to see a rise in special interest attacks - targeting specific groups of people based on interests and profiles.

In addition, spam volumes will continue to increase with spikes and troughs becoming ever more unpredictable, creating risk to the corporate messaging infrastructure and mail delivery. Email will increasingly contain unwanted or malicious links. The number of compromised websites grew in 2008 to surpass the number of created malicious sites. This trend will continue as hackers become more sophisticated and leverage the good reputations of some websites to evade traditional security measures.

Attackers exploit the weakest links within the web infrastructure in order to target the greatest number of internet users. Most vulnerable to these attacks are search engines and large user networks such as MySpace, Facebook or other social networking sites. We've seen a rise in web spam to post URLs to malicious sites within forums, blogs, in the commentary or "talk-back" sections of news sites, and on compromised websites. This activity drives traffic to the infected websites and raises it higher on search engine rankings, increasing the risk that users will visit the site.

Organisations will also make a move toward comprehensive data-centric security that includes not only web and messaging security, but also data security to prevent information loss across all channels. And as spam volumes rocket, hosted solutions will be considered as a means to cut out spam before it hits the corporate network.

Times are undeniably tough and companies must be looking at ways to reduce expenditure and increase their competitiveness. However, adding to the uncertainty, mergers and downsizing raise important questions about the handling of sensitive data.

For instance, how is this data being protected as it transfers ownership? As potentially disgruntled employees exit a business, are they taking data with them? As companies restructure, do they even know how or where their essential information is kept? All of these questions underscore the importance of a well-crafted Data Loss Prevention (DLP) strategy.