Top security priorities revealed

IT managers are being warned of the threats that are likely to keep them awake nights in 2007, with laptop security, VoIP and the contentious issue of mobile phone viruses all featuring on one organisation's 'hit-list'.

The Sans Institute says the greatest concern for businesses should be the security of their laptops as more companies replace desktops with notebooks. The mix of sensitive data being taken out of the organisation and a lack of encryption, coupled with incidences of human error that can see such devices lost or stolen means companies should make this issue a top priority.

The Sans report also said the theft of other mobile devices, such as PDAs and smart phones, will increase because of the value of the data they may contain.

Emerging threats from mobile phone viruses and VoIP should also be of concern, according to Sans.

Concerns about the security of VoIP have been around for as long as the technology but the growth in take-up means large enterprises must now take note, whereas previously the typical user was a home user.

And the issue of mobile phone viruses is something that has split the security industry, with many branding it hype and accusing vendors of creating a market out of fear and uncertainty.

Sans predicts: "Mobile phone worms will infect at least 100,000 phones, jumping from phone to phone over wireless data networks."

Such a strong prediction is likely to draw fresh criticism of those peddling the mobile malware threat but Sans joins antivirus vendors such as F-Secure, McAfee and Symantec in making the case for greater mobile security.

Dave Marcus, security research manager at McAfee, said his company is also predicting an increase in the threat levels of mobile malware, though speaking earlier this year he was quick to temper that prediction with some reality.

Marcus said: "It's nascent and it's still proof of concept and it all requires the user to do something." But as more people store sensitive data on handheld devices such as smart phones, Marcus said it is inevitable "the malware is going to go where the data is".

The Sans report also warns of an increase in zero-day attacks - which occur when vulnerabilities are exploited before or on the same day as patches are released - maximising the window of opportunity for the attackers.