The Next Chapter

Predictions: A Web services security breach will wreck the supply chain. And stolen fingerprints or eye scans will thwart biometric systems.

Executive Editor , Computerworld |

Bye-Bye Incompetents

The fakers, charlatans and incompetents will be purged from the IT security industry. In three years, 40% of the current gaggle of alleged security professionals will leave the industry—some to other professions, many to prison for egregious misrepresentation of their skills. By that time, the Department of Homeland Security will have mandated that all IT security professionals must pass a skills certification test run by the U.S. military academies.

--Thornton May, management consultant and futurist, Biddeford, Maine

XML Catastrophe

In the next two years, there will be a major XML Web services security breach. The consequences will be much more severe than the defaced Web sites and stolen credit cards that caused mostly embarrassment in the early days of e-commerce. Instead, automated production lines will grind to a halt, company bank accounts will be emptied, 100-company-long supply chains will break, and the most proprietary corporate data may be disclosed.

-- Eugene Kuznetsov, chairman and chief technology officer, DataPower Technology Inc., Cambridge, Mass.

Attacks Get Speedier

As attacks grow more professional in nature, we'll see an even greater increase in the speed of threats. For instance, "flash worms" would operate under the premise that a determined hacker could have obtained a list of all (or almost all) of the servers open to the Internet in advance of the release of the worm. Such an attack could infect all vulnerable servers on the Internet in less than 30 seconds. Protecting against these threats will require new, proactive technologies, including behavior blocking, anomaly detection and new forms of heuristics.

-- Rob Clyde, CTO, Symantec Corp., Cupertino, Calif.

Offshore Terrorists

Next year, a "sleeper cell" terrorist group will infiltrate the offshore programming industry and be identified as the cause of a widespread worm that will have been injected in the code of a widely used software product.

-- Tari Schreider, director of the security practice, Extreme Logic Inc., Atlanta

New Organizational Chart

Public and private companies, in large numbers, will merge physical and data security. They'll unify these two independent groups on the organizational chart and convert physical access-control systems from stand-alone systems to network-enabled systems that convert physical access activity into network data. This data about physical access will be correlated with IT activity reports to provide early detection and warning of security breaches.

-- Joel Rakow, partner, Tatum Partners, Los Angeles

Surgical Strikes

Three or four years ago, hackers were taking a haphazard, shotgun approach to Internet attacks, but now they're using their tools to penetrate very specific and lucrative targets, especially enterprise networks containing valuable intellectual property. These highly targeted attacks are on the rise, each one more intelligent and harmful than the last. By 2005, targeted attacks will account for more than 75% of corporate financial losses from IT security breaches.

In the next two years, companies will need to build much stronger and more intelligent defenses around every network endpoint touching sensitive information, instead of depending on general perimeter security.

-- Gregor Freund, CEO, Zone Labs Inc., San Francisco

Horses and Loggers Threat

By the end of 2003, Trojan horses and keystroke loggers will overtake viruses as the greatest threat to PC users. We'll see countless malicious attacks each month—and most will initially go undetected, causing companies to lose millions of dollars. This problem will be made worse by the proliferation of wireless laptops and other mobile devices, which provide hackers with a back door for infiltrating enterprise networks.

-- Pete Selda, CEO, WholeSecurity Inc., Austin

Stolen Fingerprints

Biometrics is perceived as the ultimate in security, but what does somebody do once their bioprint is stolen? Within three years, hackers will have all sorts of scanned fingerprints, retinal patterns, etc., and these will be used to bypass biometric network security. When your credit card is stolen, you phone Visa and have a new card issued. When your bioprint is stolen, do you call God and ask for a new set of fingerprints or eyes?

-- Malcolm MacTaggart, president and CEO, CryptoCard Corp., Kanata, Ontario

Outdated Signatures

Behavioral-anomaly-based technology will replace traditional signature-based methods to prevent damage from viruses, worms and Trojan horses over the next three to five years.

-- Jeff Platon, senior director of security marketing, Cisco Systems Inc.

Firing the Clueless

P.T. Barnum knew that a sucker was born every minute. Since most cyber risk is directly attributable to insider activity, including the social engineering of digital dullards, a renewed focus on background checks is necessary. The chief security officer of the future, working with the HR chief, is going to find and fire digital "suckers" before their dimness puts the enterprise at risk.

-- Thornton May

Little Blue

The SmartPrint TruBlue, from Labcal Technologies Inc. in Quebec City, combines fingerprint biometric technology with a smart-card authentication reader. The goal of this hybrid device is to eliminate those pesky, complicated passwords. It plugs into a computer's Universal Serial Bus port.

— Mitch Betts

The SmartPrint TruBlue, from Labcal Technologies Inc.

Tips From Security Experts

Stories in this report:

  • Editor's Note: Tips From Security Pros
  • The Story So Far: IT Security
  • Know Thy Users: Identity Management Done Right
  • Opinion: Feeling Insecure About Databases
  • Evaluate Outsourcing Partners
  • Strengthen Security During Mergers
  • Thwart Insider Abuse
  • Privacy Protection, Step by Step
  • Plug IM's Security Gaps
  • Boost Your Security Career
  • The Almanac: IT Security
  • Buffer Overflow
  • The Next Chapter: IT Security
  • Thwarting attacks on Apache Web servers
  • Tips for Securing Your Windows Operating System
  • The Hacker's Wireless Toolbox Part 1
  • How to defend against internal security threats
  • Ten ways to defend against viruses
  • Decoding Mobile Device Security
  • Five ways to thwart threats to your network
  • Secrets to the best passwords
  • Social engineering: It's a matter of trust
  • Five tips for effective patch management
  • Security Basics: Where to Start
  • Steps to a secure operating system
  • WLAN chip sets open a new door to insecurity

Mitch Betts is an executive editor at IDG Enterprise. He was previously executive editor of CIO and Computerworld magazines.

Copyright © 2003 IDG Communications, Inc.