Security predictions for 2008 are rolling in. Here’s a summary of what’s being said in cyberspace as well as a few of my own thoughts on 2008.  

Websense Corp issued a list of top threats to watch out for in 2008. They include:

Olympics – new cyber attacks, phishing and fraud

Cross platform Web attacks – Mac, iPhone popularity spurs increase

Malicious SPAM invades blogs, search engines, forums and Web sites

Attackers use Web’s ‘weakest links’ to launch attacks

Message Labs offered their own intelligence report called:  2008 Security Predictions:

The Year the Shadow Economy Adopts Mainstream Approaches but the Threat Landscape Keeps Innovating. 

Their report claims that much more stormy weather is ahead as the shadow economy door widens further and spammers adopt virus tactics.

 If you’re looking for a video to watch on this topic, Saumil Shah, founder and CEO of Net-Square taped his views back in August at Black Hat.

Meanwhile, Baseline Magazine wrote that more trouble is in store for CISOs in 2008, as we experience increases in Web 2.0 vulnerabilities and mobile computing attacks.

The Georgia Tech Information Security Center, a research and education arm of the Georgia Institute of Technology, is quoted in the report. Their top five threats CISOs will face next year are:   Web 2.0 and Client-Side Attacks.

 Targeted Messaging Attacks.

 Botnets, specifically the spread of botnet attacks to wireless and peer-to-peer networks.

 Threats Targeting Mobile Convergence.

 Threats to Radio Frequency Identification Systems. 

 While it’s difficult to argue with any of these security challenges, I’d like to add a few other items to the possible CISO sleepless night list for 2008:

1)      A Major botnet or virus attack gets (front page) national attention as outages cost millions. We haven’t seen a major outage make the front pages of major newspapers in the past few years. This run will likely end.

2)      A Class Action Lawsuit on ID Theft. Some group will take some company to court. The state’s Attorney Generals may even get involved.

3)      Increasing amount of inappropriate cyber conduct which is going on at work gets exposed to public. Cyber ethics becomes real priority for governments and businesses as the level of shenanigans becomes unbearable for stockholder and citizens cry-out for action. The link between individual behaviors and good security and privacy becomes much clearer.

4)      Many more takeovers in security industry.