2011 was the year of the cyber criminal

Cyber crooks raided networks, pillaged data, and wreaked havoc in 2011, thanks to our persistently shoddy IT security practices

Page 2 of 2

Truly weaponized worms emerged in 2011. There is no better example than Stuxnet. Stuxnet was discovered in June 2010, but it wasn't until 2011, after heavy analysis, that we all understood just what it could do and how well. It was likely the world's first known cyber warfare malware program meant to take out a Cold War hard asset. Cyber Cold War anyone? Well, thugs were paying attention, and now we have Duqu, which is sort of an automated APT attack. How wonderful -- now we get the benefits of both worlds.

After nearly a decade of pundits declaring, "This year will be the year mobile malware takes off," it finally happened in 2011. Android is powering great phones, and it's even severely cut into Apple's market share. Unfortunately, the malware crews have noticed and jumped at the chance to take advantage of Google's more open ecosystem. Expect future mobile app stores to implement code checking before allowing apps to be published. Anything else would be uncivilized.

Some people may point to lower spam rates and phishing levels as a security victory in 2011. Some of that has to do with the Russian botnet takedowns, most of it has to do with the fact that hackers are embracing more targeted, successful attacks. It's not like most of the Internet's email traffic still isn't malicious -- it is. "But we have DNSSEC now," critics may say. Yeah, let me know when your company has it fully implemented.

If there is anything to celebrate from 2011, it's that the sorry state of IT insecurity has gotten so bad that we must be getting close to a fix. It's like dealing with an addiction: The first step is admitting that we have a problem that will not go away without intervention. We even know how to fix everything. We just need to take that first step.

This story, "Mobile security fails the history lesson," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

| 1 2 Page 2
From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies