20 Hot IT Security Issues

The IT industry continues to monitor critical risk areas for businesses of all sizes. And in recent months, the list of “hot” security issues continues to grow longer. Online Network World news editor Michael Cooney recently compiled a list of 20 hot IT security issues that confront the industry today.

From critical electricity grid cyber security challenges, to malware on Google’s Android phones, to defense agencies investigating how stories impact security and human behavior, security issues have never been hotter. Here are 20 security stories that have recently shaped the industry:

1. Is retaliation the answer to cyber attacks?
One idea getting attention of late is exploiting vulnerabilities in attack tools and botnets to determine what the attacker was going after or to dive into the attacker's network lair.

2. Cyber criminals targeting point-of-sale devices
Point-of-sale payment processing devices for credit and debit cards are hot targets for cyber criminals as a result of lax security controls.

3. Google Android’s infected apps spotlight mobile danger
Google recently yanked down about 50 Android apps that were found to be malicious.

4. FBI: Internet crime high; types of misdeeds changing
The FBI’s 10th annual Internet crime report found that nondelivery of payment or merchandise, scams impersonating the FBI, and identity theft lead the top 10 online complaints.

5. U.S. adopting new cyber attack plan for security warriors
The Defense Department has devised a plan to help promote cooperation between the government and private industry in an effort to stand up to those waging cyber anarchy.

6. Stolen U.S. military IDs ideal cover for army of online dating scammers
There is a growing trend of fraudsters stealing the identities of U.S. Army soldiers from social network sites and then using that information to set up false profiles on Internet dating sites, ultimately duping prospective dates out of their money.

7. Thought police? DARPA wants to know how stories influence human mind, actions
The Defense Advanced Research Projects Agency wants to determine how stories influence human behavior. So on Feb. 28, DARPA hosted a workshop, called “Stories, Neuroscience and Experimental Technologies (STORyNET): Analysis and Decomposition of Narratives in Security Contexts,” to discuss the topic.

8. Air Force wants cryptographic security for iPhones, Android
The U.S. Air Force is deciding whether to use commercial off-the-shelf (COTS) smartphones, such as Android-based devices or iPhones, and how it can securely process classified voice and data using them.

9. U.S. Supreme Court says NASA background security checks do not go too far
The U.S. Supreme Court recently sided with NASA saying its background checks were not invasive and that the information required for NASA, and most government positions, was a reasonable security precaution.

10. U.S. Secret Service taps video game, 3D technology for advanced security training
The U.S. Secret Service has developed a software system that uses gaming technology and 3D modeling to offer high-tech training for its personnel.

11. Federal watchdogs outline 6 critical electricity grid cyber security challenges
Watchdogs at the Government Accountability Office said that while the increased use of smart grid systems may have a number of benefits, many challenges remain.

12. Anonymous forces HBGary Federal CEO to step down
The CEO of HBGary Federal, Aaron Barr, is stepping down after hactivist group Anonymous publicly exploited the company’s weak passwords and unpatched servers to crack the network and then used information on passwords it gleaned to break into the company’s Gmail accounts.

13. U.S. indicts 27 in Apple product credit-card fraud ring
In February, New York prosecutors indicted 27 people as part of a crime ring that bought Apple iPods, iPads, and other products with stolen credit card information for resale in the criminal underground.

14. Cloud services could bolster national cyber security
The shift to cloud computing could better secure the national digital infrastructure by distributing cyber security among a small number of service providers rather than with thousands of businesses.

15. Will electronic toll systems become terrorist targets?
Weaknesses in 802.11p vehicular wireless networks could make them targets for terrorists seeking to wreak havoc on the highways. The technology will someday be used for controlling traffic flow and warning drivers of highway dangers.

16. Low-cost SSL proxy could bring cheaper, faster security; defeat threats like Firesheep
Off-the-shelf hardware could provide a cheaper, faster way to process SSL/TLS, which could result in more Web sites shutting down cyber threats.

17. Memory scraping malware goes after encrypted private information
Pervasive memory scraping is increasingly being used by attackers to garner personally identifiable information (PII) and other sensitive data.

18. Tablets, smartphones force Cisco to rethink how security works
Cisco unveiled a security architecture, dubbed SecureX, that provides a context-aware method to safeguard networks increasingly overrun with smartphones, tablets, and virtualization.

19. The “Advanced Persistent Threat”
The term Advanced Persistent Threat originated within the Defense Department and its contractors that face continual cyber attack espionage assaults.

20. Is a next-generation firewall in your future?
Traditional port-based enterprise firewalls are slowly losing out to a new generation of fast, intelligent firewalls.

For more detailed information on these 20 top IT security issues, read the full article: