2010 Security Predictions from Zscaler - Page 2
2009 was the year that we learned the meaning of the word recession and looked to the cloud for answers.
6.) The arrival of financial DDoS attacks
Cloud-based services generally charge based on actual consumption. This provides attackers with incentive to hold enterprises hostage by artificially inflating costs. Unfortunately, cloud providers have little incentive to stop this practice.
7.) Poking holes in the cloud
8.) Clickjacking comes out of hibernation
Clickjacking roared onto the scene in the summer of 2008 when Jeremiah Grossman and Robert Hansen had their OWASP talk delayed at the request of Adobe. The sensational Web cam/microphone hack that drew media attention has been addressed, but the overall flaw still remains. Clckjacking can be a valuable tool in a social engineering attack and we've just begun to see it leveraged.
9.) Browser vendors finally start to take XSS seriously
I was very encouraged when Microsoft released IE 8 this year and it included cross-site scripting (XSS) protection. For all of the heat that Microsoft takes for security vulnerabilities, it continues to be a leader when it comes to adding innovative security features, and this is another example. I'm confident that other browser vendors have taken notice and will fall in line.
10.) Past Data Breaches will look like child's play
This is by far the easiest prediction to make. We've all been amazed by the staggering numbers of compromised accounts in the CardSystems, Heartland and TJX data breaches, but prepare to be blown away once again. After all, records were made to be broken. As memory becomes cheaper and power becomes more expensive, enterprises are looking to consolidate data storage and continue to build massive data centers and develop ever larger data stores thanks to cloud computing. The volume of data that can be stolen when adequate security controls are not implemented will be truly staggering.