Sentiment polled among security professionals working at 300 of some of the world’s biggest and best known corporations puts the risk of insider threats well ahead of that posed by malware or social networking at work.
The study carried out by the Information Security Forum warns businesses of a rapidly increasing “insider threat” for information breaches and ID theft.
The body rates criminal attacks and crimeware as the top threats that security professionals will have to contend with over the next couple of years.
In its Threat Horizon 2011 report ISF highlights the growth of ‘crimeware as a service’ offered by criminal gangs along with infiltration into organisations for insider attacks.
Its predictions are in line with what other industry watchers, who pin point insider crime funded by organised criminals as posing one of the biggest problem for businesses.
The ISF said, ‘Criminal syndicates are developing more sophisticated malware such as viruses and Trojans sold on a ‘commercial’ basis with guarantees including non-detection by commercial anti-malware software and full helpdesk support. In addition, the so-called crimeware as a service model offers services such as DDOS attacks, botnet rental, malware creation and electronic money laundering.’
The assessment considered various political, legal, economic, socio-cultural and technology factors.
After criminal attacks, it rates as the top ten future threats weaknesses in infrastructure, a tougher statutory environment, pressures on off-shoring and outsourcing, eroding network boundaries, mobile malware, the vulnerabilities of Web 2.0,incidents of espionage, insecure user-driven development and changing cultures.
