Nine Predictions for What IT Directors Will Be Saying in 2007

From organized identity theft crimes to putting a close eye on USB memory, here's what IT security will be watching out for


We predict that consumer concern over privacy breaches will force the government to enact more information privacy laws in corporate environments. The 2006 Data Accountability and Trust Act approved by the House of Representatives may shame companies by forcing them to disclose security breaches, but without some real repercussions in penalties, fines or prosecution, it won't be enough.

"How did your virus get in my video?"
Viruses, trojans and worms are going multimedia in '07. We have been trained like Pavlov's dogs not to open executable attachments from people we don't know, but what harm will an innocent video of a talking cat do? A lot. This year we are going to see the rise of multimedia malware. In addition, Web 2.0 will create new security vulnerabilities. As we enable anonymous users to interact and post messages and files on our websites and servers, we are offering new platforms for their malicious intent. Downloading a free ringtone may be giving someone a free pass to your address book. Viewing an "uplifting" PowerPoint may enable someone to "lift" the passwords from your desktop

"Keep your hands off my files."
Protections have long been in place to theoretically prevent unauthorized access to files. However, passwords and server access restrictions are grossly inadequate when files are being sent over unsecured networks or stored on mobile devices. When the CEO's laptop is stolen, encryption and remote data deletion are two of the more effective methods for protecting information and securing files.

"Spam me baby one more time."
Spam shows no signs of slowing down. For every new tool there are ten new tricks to circumvent the spam filters and junk mail settings. In 2006, these tools have done little more than hold back a flood with a paper cup. Without effective law enforcement in this arena, the spammers are making too much money to worry about being a little unethical in their business practices. Rumors of international mafia rings and organized crime behind the lucrative business of spam are rampant. Unfortunately, we see no end in sight to the onslaught of offers for prescription drugs, adult toys, hot stock tips and an inheritance from the royal family of Nigeria. IT directors will continue to deploy filters, third-party services, firewalls and other feeble defenses in the vain hope that the next great product will actually work.

"Can we implant RFID chips in all of our employees?"
RFID is all the rage in logistics, shipping and warehousing for cargo and equipment. After Walmart pushed the envelope in 2005, forcing its suppliers to use RFID tags, retailers across the mall have taken the leap. Even corporations have started to smarten up, tagging valuable equipment on corporate campuses. In 2007 we'll see the next generation of RFID implementations for workforce management. Although a few brave/questionable companies have implanted glass-encased RFID tags in fearless employees, (see Financial Times story), we don't expect employers to adopt this methodology in the near future. We do expect to see RFID enabled ID tags to provide an additional layer of security for facility access, emergency services and human resources and payroll. Employers can leverage RFID to automate and streamline functions that were previously done manually and were labor intensive such as tracking hourly employees, equipment operators or facility access.

"Please leave your cell phone, Blackberry, digital camera, USB-key, voice recorder and any other digital device at the security desk."
With micro and nano technology generating a plethora of digital devices that can quickly capture, store and disseminate images and files, opportunities abound for security breaches and sensitive data leaks from corporations with the tightest security. We have already seen bans on camera phones in the gym locker room or classroom (because teens are notoriously crafty at exploiting technology in ways we never imagined.) In 2007, we'll start to see more IT directors tightening the reigns on the use of mobile and digital devices. As files move from a secure server to a Blackberry or a photo at the office Christmas party is posted on the Internet, new risks arise as sensitive information travels outside the walls of corporate headquarters. The very devices that are meant to be productivity tools for a mobile workforce have become liabilities and security vulnerabilities that need to be addressed.