KEY POINTS:
Some interesting pieces of security knowledge came about this year.
One of the biggest, we knew all along - not very much spam actually ever came from New Zealand, and what did probably wasn't quite enough to warrant legislation. Although a bit of future-proofing won't do any harm.
Auckland software engineer and ethical hacker Beau Butler found a flaw in Windows that left millions of PCs worldwide vulnerable to attack. He emailed Microsoft about it, was studiously ignored and then told a newspaper about it. Not surprisingly, Seattle's finest quickly jumped on it, apparently missing out on their Thanksgiving feasts as a result.
Another recent one was a big surprise to many - it is perfectly possible for an alleged teenage cyber crimelord to appear out of small Coromandel town, wreak havoc on the web and attract the attention men in dark suits with earpieces. It also bought words like 'botnet' into the mainstream and the term 'botherder' seemed to excite newsreaders.
You never know, next year could see something even more earth-shattering.
Kiwi-based IT security specialists Marshall have picked their top five security risks for 2008 - some very familiar scams and attacks make the list, but new entries like virtualisation are gradually opening up a whole new set of challenges.
1. Continued growth and risks from spam
As volumes continue to swell, spam will remain the number one security issue impacting businesses in 2008. Spam will also continue to be about advertising products (Viagra, watches), however scam spam designed to steal money from users will become more pervasive in 2008.
Marshall expects spammers will increasingly use information acquired from social networking sites and data theft to launch more targeted and sophisticated scams in 2008.
2. Increased scale and sophistication from botnet attacks
We can expect to see more professional botnets with similar or even greater power than the Storm botnet.
Last month, we identified the "Celebrity Spam Gang" and found they are also responsible for generating up to 20 per cent of the world's spam. Marshall's pick is that there will be more large-scale botnet activity from a select number of organised crime gangs over the coming 12 months.
3. More social networking and Web 2.0 scams
Increasingly Web 2.0 sites such as Facebook, LinkedIn and YouTube will continue to be a big target for malware writers in 2008.
User suspicion levels are lower when accessing familiar sites such as these and they are more likely to open a message purporting to be from these sites.
4. News security risks from virtualisation
Virtualisation is expected to grow rapidly over the next few years. According to Gartner, 70 per cent of large organisations plan to use virtualisation by 2010 to collapse some or all of their data management zones.
At present there are few vulnerabilities known, but with the increasing reliance on virtualisation, it is only a matter of time before attackers begin identifying vulnerabilities and targeting virtualised environments.
5. Focus on the risks of data leakage/mobility
Data leakage will remain a significant security issue in 2008. Many vendors are incorporating limited data leakage capabilities into their gateway solutions. This has led to many organisations becoming complacent about data leakage, believing they are adequately protected.
In addition, the growing number of mobile workers or 'Road Warriors' is leaving organisations even more exposed to data leakage or theft. End point security is a growing requirement for many companies needing more control of end point devices and ports.
