Do I call it Twenty-Ten or Two Thousand Ten?

Just not Two Thousand and Ten since that pesky decimal takes us back 10 years.

Eh, either way, the new year and decade brings out all the predictions for the coming year with this one taking the cybercriminal approach.

The various ‘Year in Reviews’ also make appearances since we need to understand where we came from to know where we’re going.

These are always interesting due to the various points of view even if many of the predictions are the same: social media threats, not necessarily more but smarter malware/botnets, using the cloud for crime, financial DDoS, rogue software, Mac and Mobile malware, more breaches and a whole host of others.  Compliance and Health Care, while not threats, seem to be the areas of security focus in the coming year along with online banking.

From a government perspective, while much has been written about compromised drones and Warplanes, the real concern at the Pentagon is Electronic Espionage – breaching the network.  Being able to not only see data, such as intelligence reports, but manipulate the data.  Imagine if an ammo request was intercepted and changed to reflect a new delivery location.  That would be bad.  I’ve written about Corporate Espionage as part of the 26 Short Series and do think it’ll continue. 

Trade Secrets, product plans and customer data are all tasty treats to the cybercriminal.  One of the reasons I think that this type of data is a target is due to regulatory compliance, but maybe not in the way you  think.  I look at it from a more ‘human nature’ position. 

The more locked up, secret, hidden or protected something is, creates a perception of greater value or worth.  If you see a door with 5 locks on it verses one with just a single lock, you’d probably think that Door Number 1 has the good stuff since more protection was deployed.  If you’ve ever walked through the Tower of London to see the Crown Jewels, you’ve also seen the huge, thick vault doors that keep them safe at night.  With all that security, it must be extremely valuable. 

In some ways I think compliance creates the same ‘perception’ and increases the attack potential.  Companies are required by law to protect, store, encrypt and generally safeguard certain private/sensitive data – the crown jewels so to speak.

Don’t get me wrong, I’m not advocating to ignore compliance and current regulations – such as PCI – are needed.  I even think some could go a little further in prescribing security protections but it also tells cybercriminals – this is the good stuff.  If you want a huge score, hit here.

We might see an increase in Gas Station terminal thefts as we get closer to the July 2010 PCI deadline for unattended, Point-of-Sale PIN entry devices as thieves probably want to beat the deadline too.  2009 proved that while little scams and thefts will continue, it’s the big breach of regulated data that gets the biggest payout and the most news coverage.  That’s what I see coming in 2010.

ps

Related Resources

• Will you Comply or just Check the Box?
• Innovative Web Protection and Compliance
• DNS Security for web-based applications
• Accelerating Your (Secure) Ride to the Cloud: Fasten Your Seatbelts