Imperva delineates five key security trends Organisations will face during the next ten years 

London, 08 December 2009: As we approach the dawn of a new decade, battle lines are firmly drawn with Organisation’s squaring up to Cyber Criminals.   Imperva, the Data Security leader, predicts five key security trends to watch for over the next ten years:

• The industrialisation of hacking - Clear definitions of roles are developing within the hacking community forming a supply chain that starkly resembles that of drug cartels. The weapons of choice will be automated tools applied through botnets. Imperva recently tracked and analysed a compromise that affected hundreds of servers. The scale of this attack, and others like it, is enormous and would not be achievable without total automation.

• A move from application to data security as cyber-criminals look for new ways to bypass existing security measures and focus on obtaining valuable information.

• Increasing attacks through social network sites where vulnerable and less technically savvy populations are susceptible to phishing attacks and malware infection.

• An increase in credential theft/grabbing attacks. As the face value of individual credit card records and personal identity records decreases (due to massive data breaches) attackers look at more profitable targets. Obtaining application credentials presents an up sell opportunity as they provide a greater immediate value to stolen data consumers up the food chain.

• A move from reactive to proactive security as organisations move from sitting back and waiting to be breached, to actively seeking holes and plugging them as well as trying to anticipate attacks before they come to realization.

Amichai Shulman, Imperva’s Chief Technology Officer, advises application owners to get their act together and tackle these trends head on. His key recommendations for focus come January 1, 2010 are: “Organisations serious about protecting data will need to address not only the application level but also at the source of data.  This will mean introducing of new technologies including a Database Firewalls, File Activity Monitoring, and the next generation of DLP products. These tools should also be combined together with other technologies such as Web Application Firewalls and classic DLP solutions to allow organization to keep track of dataflow across the enterprise from source to sink. I see the automation of hacking as a major issue and technical measures will be needed to combat this trend. Organisations must look to integrate their protection tools with proactive security measures, admittedly not readily available today, however the security community is currently developing solutions and these will become widely available over the next few years. The next decade must see the IT security industry rise up and stand shoulder to shoulder if it is to win the fight against cyber-criminals.”