Security Trends in 2006
In 2006 there have been a few trends and issues related to security and privacy that are noteworthy. Here is my short list of security trends and issues that will continue to gain momentum and visibility throughout the rest of the year.
- Phishing attacks (a.k.a. business identity theft)--phishing is accomplished by sending emails that entice consumers to provide personal information to a website pretending to be a legitimate business. Examples include fraudulent emails that entice bank customers to "log in" and verify their information. Unsuspecting consumers see the email and the false website, which may look exactly like their bank's website, and provide their personal and financial information. The cyber thieves then capture the customer's user name, password, account information, etc. and proceed to victimize the customer by stealing their information and assets.
- Insider threats--companies and organizations of all sizes are waking up to the reality that the biggest threats in the future may come from trusted internal sources, namely employees. As companies off-shore certain functions, including internal software development, call centers for billing and customer services, etc., there are additional risks which are often overlooked. Off-shore facilities and staff are not routinely checked for potential information security leaks. Also, foreign laws, rules, and regulations related to the protection of consumer personal and financial data privacy are not carefully considered by most organizations today. Companies and organizations will be forced in the coming years to add additional measures of security that must include policies, education, and enforcement to deal with the growing potential for insider threats.
- Security and privacy legislation--news stories of breaches of consumer personal, medical, and financial privacy during 2005 and early 2006 caught the attention of legislative bodies in the United States. Although several states are now crafting consumer privacy laws to deal with this problem, it is foreseeable that in the short term the United States Congress will probably have to deal with this issue at a federal level. Although Sarbanes-Oxley, HIPAA, GLBA, etc. will continue to impact companies and organizations across the United States, it is also possible that Congress will continue to create stronger legislation to enhance and further protect the rights of consumers and businesses given the gaps and shortcomings of existing legislation and the increase in sophistication of security and privacy breaches.
Comments and questions are always welcome!
Jaime