By Murtaza Bhatia, National Manager, Professional Services Security & iBOSS for Datacraft India Ltd.

INDIA: In lieu of the current economic slump, organizations are looking for unconventional methods to cut costs and lower expenditure on necessities. Hardware consolidation, power reduction, decreased space and cooling requirements and reduced IT staff time are all methods being implemented.

In the scenario of cost cutting, organizations often forget to take “security” into measure. Managers need to be weary of threats to their virtual data and also to their physical machines, plus additional threats stemming from the virtualized environment that need to be addressed. With the expected increase in cyber crime, threats will continue to grow in number and sophistication. During the cost-to-benefit portion of risk analysis, organizations should make sure to measure the values and costs of the new security control in each of these areas.

Compliance may always be an issue. While organizations are getting smarter and being more prepared, cyber crime operators are going one step ahead by actively exploiting code on popular, trusted web sites where users have an expectation of effective security. Organizations need to be wearier of Compliance tools to avoid this.

The so-called 'Storm worm' is a great example of sophisticated botnets, installing root kits and making each infected system a member of a new type of botnet. Economic espionage will be increasingly common as nation-states use cyber theft of data to gain economic advantage in multinational deals. Mobile phone threats, especially against iPhones and Android-based phones; Mobile phones are now lesser-computers, therefore viruses, and other malware will increasingly target them.

The developer toolkits provide easy access for hackers. And hackers are taking note. In short, the VoIP attack surface is enormous. Insider attacks, initiated by rogue employees, consultants or contractors need to be taken care of and Organizations need to put into place substantial defenses against this kind of risk, one of the most basic of which is limiting access according to what users need to do their jobs.