The Next Chapter

Predictions: A Web services security breach will wreck the supply chain. And stolen fingerprints or eye scans will thwart biometric systems.

Bye-Bye Incompetents

The fakers, charlatans and incompetents will be purged from the IT security industry. In three years, 40% of the current gaggle of alleged security professionals will leave the industry—some to other professions, many to prison for egregious misrepresentation of their skills. By that time, the Department of Homeland Security will have mandated that all IT security professionals must pass a skills certification test run by the U.S. military academies.

--Thornton May, management consultant and futurist, Biddeford, Maine

XML Catastrophe

In the next two years, there will be a major XML Web services security breach. The consequences will be much more severe than the defaced Web sites and stolen credit cards that caused mostly embarrassment in the early days of e-commerce. Instead, automatic production lines will grind to a halt, company bank accounts will be emptied, 100-company-long supply chains will break, and the most proprietary corporate data may be disclosed.

-- Eugene Kuznetsov, chairman and chief technology officer, DataPower Technology Inc., Cambridge, Mass.

Attacks Get Speedier

As attacks grow more professional in nature, we'll see an even greater increase in the speed of threats. For instance, "flash worms" would operate under the premise that a determined hacker could have obtained a list of all (or almost all) of the servers open to the Internet in advance of the release of the worm. Such an attack could infect all vulnerable servers on the Internet in less than 30 seconds. Protecting against these threats will require new, proactive technologies, including behavior blocking, anomaly detection and new forms of heuristics.

-- Rob Clyde, CTO, Symantec Corp., Cupertino, Calif.

Offshore Terrorists

Next year, a "sleeper cell" terrorist group will infiltrate the offshore programming industry and be identified as the cause of a widespread worm that will have been injected in the code of a widely used software product.

-- Tari Schreider, director of the security practice, Extreme Logic Inc., Atlanta

New Organizational Chart

Public and private companies, in big numbers, will merge physical and information security. They'll unify these two independent groups on the organizational chart and convert physical access-control systems from stand-alone systems to network-enabled systems that convert physical access activity into network data. This data about physical access will be correlated with IT activity reports to provide early detection and warning of security breaches.

-- Joel Rakow, partner, Tatum Partners, Los Angeles

Surgical Strikes

Three or four years ago, hackers were taking a haphazard, shotgun approach to Internet attacks, but now they're using their tools to penetrate very specific and lucrative targets, especially enterprise networks containing valuable intellectual property. These highly targeted attacks are on the rise, each one more intelligent and harmful than the last. By 2005, targeted attacks will account for more than 75% of corporate financial losses from IT security breaches.

In the next two years, companies will need to build much stronger and more intelligent defenses around every network endpoint touching sensitive data, instead of depending on general perimeter security.

-- Gregor Freund, CEO, Zone Labs Inc., San Francisco

Horses and Loggers Threat

By the end of 2003, Trojan horses and keystroke loggers will overtake viruses as the greatest threat to PC users. We'll see endless malicious attacks each month—and most will initially go undetected, causing companies to lose millions of dollars. This problem will be made worse by the proliferation of wireless laptops and other mobile devices, which provide hackers with a back door for infiltrating enterprise networks.

-- Pete Selda, CEO, WholeSecurity Inc., Austin

Stolen Fingerprints

Biometrics is perceived as the ultimate in security, but what does somebody do once their bioprint is stolen? Within 3 years, hackers will have all sorts of scanned fingerprints, retinal patterns, etc., and these will be used to bypass biometric network security. When your credit card is stolen, you phone Visa and have a new card issued. When your bioprint is stolen, do you call God and ask for a new set of fingerprints or eyes?

-- Malcolm MacTaggart, president and CEO, CryptoCard Corp., Kanata, Ontario

Outdated Signatures

Behavioral-anomaly-based technology will replace traditional signature-based methods to prevent damage from viruses, worms and Trojan horses over the next three to five years.

-- Jeff Platon, senior director of security marketing, Cisco Systems Inc.

Firing the Clueless

P.T. Barnum knew that a sucker was born every minute. Since most cyber risk is directly owing to insider activity, including the social engineering of digital dullards, a renewed focus on background checks is necessary. The chief security officer of the future, working with the HR chief, is going to find and fire digital "suckers" before their dimness puts the enterprise at risk.

-- Thornton May

Little Blue

The SmartPrint TruBlue, from Labcal Technologies Inc. in Quebec City, combines fingerprint biometric technology with a smart-card authentication reader. The goal of this hybrid device is to eliminate those pesky, complicated passwords. It plugs into a computer's Universal Serial Bus port.

— Mitch Betts

Copyright © 2003 IDG Communications, Inc.