/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsINDIA: The following are some key security risks, which we feel pose danger to organizations, individuals, and the government. You will notice that we haven't mentioned security threats like viruses, spam, etc., in the list, simply because they would be lurking beneath many of the threats we've described below:
Cyber Warfare
As the name suggests, this comprises of various techniques to use the Internet for conducting warfare in cyber space. This includes cyber espionage to obtain secrets of govt, corporates, or even individuals, DoS attacks to make websites unresponsive, or even more severe types such as sabotaging IT hardware and software of defense systems. Post 26/11 in Mumbai, cyber warfare has gained a lot of attention, simply because terrorists are well-versed with using the latest technologies. They can use cellphones, GPS devices, hack into networks, send and receive encrypted messages, and much more. Cyber warfare is therefore, a potential security risk to everyone.
SMS Ransomware
This is another type of threat to expect in the future. A Trojan would lock your system, and maybe even encrypt certain files on it. It would then ask you to send an SMS to a particular number in order to receive the unlock code for it. In other words, it's holding you to ransom. Possibly the creator of such ransomware would make money out of receiving SMSes, or might even be able to create a large database of mobile numbers, which could be misused later. Some anti-virus software do have the solutions for this. Another way could be to use an external OS system, like LiveOS to boot the system and then remove the Trojan from the system.
Virtualization
Yes, this is the technology that's creating waves in the enterprise world, because it allows you to run more applications on lesser hardware. While that improves efficiency, power consumption, etc, it's also like putting more eggs in fewer baskets. So if one basket gets attacked, then there are many more eggs for the thief to take away.
Mobile devices and wireless networks
The sharp increase in mobile devices like laptops, smartphones, etc., also poses a serious security risk. Since they're outside the physical boundary of the organization, they become difficult to manage. First is the risk of theft. Mobile devices can easily be stolen, if the owner is not careful enough. Another risk is that of the owner plugging it into potentially unsafe networks, catching an infection and later plugging it into the corporate network. A third risk is where the owner installs more number of software on the laptop from the Internet. This increases the chances of malware programs also getting installed on the laptop.
Smartphones are also gaining popularity in the corporate world, and pose another potential security risk. That's because they carry critical data like contact information, emails, etc. Lastly, the proliferation of wireless networks is posing another security risk, especially if you don't secure it using standards like WPA.
Social networking sites
There would hardly be a youngster who hasn't heard of Orkut, FaceBook, or YouTube. These are all icons of the modern Web 2.0 enabled Internet and provide a convenient medium for people to interact with each other, to share apps and data. Hence, the serious security risk. You could get an email, supposedly from a friend to look at a cool new video on YouTube. You click on the link, only to be prompted to install the latest version of Flash to play it. That downloads a malicious application on your machine, and the rest as they say is history. Attacks similar to this are becoming quite common on social networking sites.
VoIP
As more organizations start using IP based communication, their security risk also increases. If the VoIP conversations are not encrypted, then they can easily be captured using freely available network sniffers. These sniffers can easily capture entire conversations and reconstruct them.
Malware
With a growing cyber crime industry, it's only natural for the amount of malware to also grow. Not only is it growing, but it's also becoming more malicious. In fact, malware is being generated faster than the patches that can combat it.
Botnets
Typically, a Botnet refers to a collection of software robots, or bots, that run autonomously. The term is often associated with malicious software but also refers to the network of computers using distributed computing software. Two Botnets have been hogging the limelight: Conficker and Ghostnet. Here's an update.
Conficker: First detected in October last year, it spread by exploiting a vulnerability in Windows that the early variant of this worm propagated through. The latest Conficker variant, Conficker C, downloads a fake antivirus program called Spyware Protect 2009. This program delivers a pop-up message saying that your computer is infected, but for only $49.95 the fake antivirus program can remove the malware. You are then directed to a bogus website where you unwittingly enter your credit card information and then the criminals are laughing all the way to the bank-your bank, that is.
Ghostnet: An operation discovered in March this year, this is a large scale cyber spying movement. It originated from the People's Republic of China and has infiltrated high-value political, economic and media locations in 103 countries. It works by disseminating malware to selected recipients via computer codes attached to stolen emails, thereby expanding the network. GhostNet infection causes computers to download a Trojan known as 'Ghost Rat' that allows attackers to gain complete, real-time control. Infected computers can be controlled or inspected by its hackers, and even has the ability to turn on the camera and audio-recording functions of an infected computer.
Web 2.0 apps
These pose another security threat, especially the ones that offer free online access. How do you know that the free online office suite you're using is safe or not? How do you know that the data you're saving on it remains completely confidential and doesn't get mis-used? Or how about the dozens of online data storage sites, which claim to back up your critical data?
Other sources of security risk
There are several other security risks, which are likely to become common in the near future. One of them is RFID tags, thanks to their growing popularity. RFID tags suffer from the same problem as wireless networks-remote hacking. A hacker could read the information stored on a RFID tag from a distance, without being suspected. Another area that's likely to become a security risk is RIAs, or Rich Internet Applications. An RIA allows the developer to build an application that can interact with the OS, just like an ordinary desktop application. This makes it a point of vulnerability.