BANGALORE, INDIA: Here are security trend predictions for 2011 by Symantec:

• Critical Infrastructure will increasingly come under attack and service providers will respond, but Governments will be slow to react

Stuxnet is a worm that affected industrial control systems in as many as 155 countries, including India, which was the third-most affected country. Attackers have likely been watching the impact the Stuxnet threat had on industries using industrial control systems and are learning from it. We expect them to take the lessons learned from Stuxnet – the most significant example of a malware designed to modify the behavior of hardware systems to create a real-world impact – and launch attacks targeting critical infrastructure in 2011. Though slower to start, expect the frequency of these types of attacks to increase as well.

• Zero-day vulnerabilities will become more common as highly targeted threats increase in frequency and impact

In 2010, Hydraq provided a high-profile example of highly targeted threats seeking to infiltrate specific organizations or a particular computer system by leveraging previously unknown software vulnerabilities. Attackers have been using such holes for years, but as targeted threats gain momentum in 2011, prepare to witness more zero-day vulnerabilities coming to light. Symantec has already seen this trend begin. In all of 2009 Symantec observed 12 zero-day vulnerabilities. Till date, Symantec has already tracked 18 zero-day vulnerabilities this year that were or are being used in cyberattacks. In fact, Stuxnet alone used a record four zero-day vulnerabilities.

• Exponential adoption of smart mobile devices that blur the line between business and personal use will drive new IT security models

The use of mobile devices such as smartphones and tablets is growing at an unprecedented pace. A recent Symantec study revealed that nearly three-fourths of Indian enterprises are experiencing growth in smart phones. Enterprises will gravitate to new security models to keep data on and accessible through these devices safe.  This creates security and management challenges for IT organizations, consumers and communication service providers. Mocana research indicates that attacks against smart mobile devices already require or will require by year’s end the regular attention of IT staff for 65 percent of enterprises.

• Regulatory compliance will drive adoption of encryption technologies more than data breach mitigation

Enterprises are under increasing pressure to meet several regulatory compliance standards. The typical Indian enterprise is exploring 19 different standards or frameworks – eight of which they are currently using. Many organizations do not disclose when mobile devices containing sensitive data are lost. This year, we expect regulators will crack down on this, driving organizations to implement encryption technologies. In 2011, organizations will adopt encryption technology to meet compliance standards and avoid the heavy fines and damage to their brands a data breach can cause.

• A New frontier in politically motivated attacks will emerge

In the past, politically motivated attacks primarily fell in the realm of cyber espionage or denial-of-service attacks against Web services. However, with the Pandora’s box now opened due to Stuxnet, expect to see these threats move beyond spy games and annoyances as malware is weaponized to cause real-world damage. Symantec thinks Stuxnet is possibly just the first highly visible indication of attempts at what some might call cyber warfare that have been happening for some time now. In 2011, more indications of the ongoing pursuit to control the digital arms race will come to light.

(Shantanu Ghosh, Vice President, India Product Operations, Symantec)