MISCELLANEOUS

The future of IT Security

The good, the bad and the ugly

A few months ago, a very good friend and colleague of mine asked me about the future of IT Security. To be more precise, he wanted to know what the prospects look like for our domain and who will be the main driver: the vendor, the end-user, the criminal or the government?

In my opinion, the realm of IT&C Security has reached a more diverse and intricate stage today compared to where it used to stand, let’s say, ten years ago. On the one hand, there’s the proliferation of high-speed Internet connections in the last decade, which has become a standard de facto for both business and home users. As I have travelled quite a lot lately, it has become even more obvious to me that almost everywhere (in Europe and the Americas) all you need to do is open your wireless adaptor and easily find at least one or two networks strong enough to be used.

On the other hand, there’s the advent of Web 2.0 and of other communication sites based on new technologies as well as their rapid evolution during the past 5 years. On my way home there is always someone next to me who either texts, tweets or e-mails someone else using a laptop, netbook or a mobile phone.

What I believe to be obvious in both cases is the fact that these developments have opened the way to a new type of connection between individuals (with all its pros and cons), while also creating specific means for companies to do business and reach their customers (just think about the way you can check in at the airport using a bar code you receive onto your smart phone).

Meanwhile, attackers, hackers, harvesters, phishers and spammers have got their own share of profit from this advance in technology. The dark masterminds behind e-threats and cybercrime have multiplied, spreading globally and organizing into genuine underground networks, which follow a simple, yet unique goal – profit. Just as in any other industry, to ensure considerable gains, cybercriminals needed a way to compromise a large number of systems within which to deploy as many bots, and as much adware and spyware as possible, at little or no cost at all. This is exactly what the current architecture of WWW offers. To give you a simple example, no farther than last week, when connecting my laptop through a wire to a friend’s network, my security suite notified me about a dozen of port listening attempts in less than five minutes.

Hence, the most difficult task of today’s cybercrime is not that of disseminating malware and spam, but that of breaching the security of networks and computers and of exposing them to other threats, while also remaining undetected. This fact explains both the automation of spread processes, as well as the heavy mass production of e-threats in the past years. As a countermeasure, data security vendors have introduced heuristics and behavior-based technologies to make malware writers’ job more difficult, and they are now focusing on “in-the-cloud” defensive systems, on-line backup and encryption mechanisms.

As for users… well, we’ll see about them in the next post. Until then, as usual, safe surfing everybody!

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of their respective owners.

About the author

Răzvan LIVINTZ

With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on www.hotforsecurity.com.

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples http://martzipan.blogspot.com), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.