The consumerization of IT will continue to wreak havoc on IT departments in 2013 as the rise of bring-your-own-device (BYOD), cloud computing and social media continuously provide ill-intended hackers and cyber criminals expanded platforms to exploit.
As employees use more consumer-grade applications and access more corporate data from unmanaged mobile devices, the network perimeter continues to disappear – along with IT's ability to enforce appropriate security controls.
Convenience and efficiency is top of mind for end-users, while security awareness ranges from limited to non-existent. As a result, security officers will have their work cut out for them in the year ahead. New breeds of sophisticated attacks designed to take advantage of security-ignorant end-users debuted in droves throughout 2012 – and I expect this trend will only strengthen in 2013.
Here are the top seven end-user security threats that IT departments must be prepared to combat in 2013:
Social media: Malicious code within ads or third party apps, posts containing links to malicious sites and sharing of sensitive information or derogatory comments will continue to pose real risks in 2013 – ranging from exposing proprietary information to damaging the corporate brand and even inviting lawsuits. Online work and personal identities are merging as employees increasingly use social media platforms like Twitter, LinkedIn and Facebook to communicate with customers, partners and friends. As people become more willing to share personal information online, they assume a dangerous level of trust for new “friends” and “followers,” and open the door for new creative variations of old social engineering attacks.
Text messaging: A report from the Pew Internet and American Life Project claims that 73 percent of adults with a mobile phone use text messaging – sending and receiving an average of 41.5 messages per day. And most are not likely to think twice about the security implications of clicking on a link in a text. This leaves an open door for attackers to spread malware, phishing scams and other threats among mobile device users. SMS phishing, aka ‘smishing' attacks, will continue to gain momentum in 2013 because unlike major web browsers that have phishing protection built in to alert the user to suspicious sites, mobile phones aren't equipped to help users avoid malicious text messages.
App downloads: BYOD programs make it tough for IT departments to control the security of end-user devices. It is often difficult for employees to understand why they can't download their favorite apps (like Angry Birds) to their personally owned devices – even when those devices contain sensitive corporate data and business applications. At the same time, malicious and high-risk apps are becoming more sophisticated. The number of dangerous Android apps is expected to hit 350,000 by the end of 2012 and one million by the same time next year.