The New Year celebrations are finally over, and with 2008 now in full swing, it's time to take a sobering look at some security predictions that could come to fruition during this year.
Getting right down to business, we can fully expect to see even more mergers and acquisitions. Long story short, the security industry will continue to consolidate. The biggest players will grow even bigger, and the small fish will feed their growth.
We'll also see companies in the security industry change hands as investors move to take advantage of potential revenue streams. One prime example is 3Com, which is in a limbo of sorts as Boston-based Bain Capital and China-based Huawei Technologies work to acquire control of the company. It seems that the US Treasury Department is somewhat suspicious of a Chinese company gaining 15 percent interest in a major computer hardware vendor, particularly one that makes popular security products.
Of course, botnets won't fail to make even more news this year. We're already seeing new companies appear whose sole purpose is to defend against botnet infiltration. As was pointed out in a previous edition of this newsletter (at the URL below), botnets operators are becoming slightly more creative, and as a result, botnets are becoming more difficult to detect. http://www.windowsitpro.com/Article/ArticleID/97851/97851.html
Not to be outdone by botnet creators, proliferators of spyware intend to command their fair share of attention. We've already seen a number of major Web sites (including MLB.com, NHL.com, Monster.com, MySpace, Excite, and others) used to spread malware through banner ads. We've also seen MySpace used to spread worms. In a more recent indication of similar ongoing trends, Facebook is being used to spread a social networking worm that installs spyware onto computers. Some entities are more overt about spreading spyware. Last week, Sears was found to be using suspect methods of installing spyware onto customer computers. You can get links to stories about Facebook and Sears in the Security News and Features section below.
On the wireless front, the field is wide open. Countless numbers of wireless networks remain unprotected, and many willingly allow open access to all comers. I don't see anything wrong with the latter openness. In fact, I find it representative of the same spirit we sometimes forget about and then remember again during the holiday giving season. But an open network does present an enticing lure for Grinch-like criminal minds. Add to that a number of vulnerabilities in wireless routers and not so suddenly, there's room for a real problem to occur.
Researchers at Indiana University ran simulations that reveal how "tens of thousands of Wi-Fi routers \[can become\] infected in as little time as two weeks, with the majority of the infections occurring in the first 24 to 48 hours." So will it happen? Probably. You can read a synopsis of the research at the URL below. You can also find several hundred (if not several thousand) reports about the issue at various sites around the Internet. Use your favorite search engine to look for the terms "Steven Myers" and "WiFi" (or "Wi-Fi"). http://security.informatics.indiana.edu/research.php
Last, but certainly not least, it would seem that the past exposure of millions of people's private information would have gotten nearly everyone's attention--especially the attention of those charged with handling such information. But sadly that isn't the case. Huge data breaches continued throughout 2007, and they will undoubtedly continue throughout 2008 because various handlers of people's private information will miserably fail to adequately protect that information. Shouldn't that be a serious criminal offense? Maybe we'll see a federal lawmaker propose a bill to that effect. But I doubt we'll see that happen in 2008.