The landscape of security is constantly changing. Attackers are becoming increasingly more sophisticated and, in some cases, more aggressive. You’ve had opportunities to learn about known issues and vulnerabilities. These topics are crucial to your environment’s security, but you have more to learn. As new threats emerge, you’ll be responsible for adapting your environment to face them. As long as you have established a solid security policy and are diligently protecting your environment from threats, you should be able to react to new threats.

Good security practices help you react to new threats as well as existing ones. Don’t ever think that emerging threats are the only ones you should consider. Many attackers focus on older, well-known methods. Even so, numerous organizations still aren’t proactive about security and are vulnerable to these older threats. Stay vigilant against all known threats as you build defenses against new ones.

These emerging threats are likely to shape the security landscape for the near future:

• One of the fastest growing attack methods is social engineering. Social engineering is the process of an attacker tricking or convincing an authorized user to carry out an action or provide valuable information for which the attacker does not have authorization. In other words, the attacker gets the authorized user to do the dirty work. Many types of attacks depend on this attack method and the trend indicates even more growth. The best defense against social engineering attacks is educating your users to recognize and report any social engineering attempts.

• Mobile devices are rapidly becoming the most attractive targets for attackers. While device theft is a valid concern, many attackers attempt to compromise mobile devices to use as bots. The mobile nature of these devices attracts attackers to create mobile bots to launch attacks. Mobile devices also commonly store large amounts of personal information. The information that makes mobile devices so convenient for users also makes them valuable attack targets. Most mobile devices used to run iOS, Blackberry OS, or Android operating systems. Microsoft released Windows 8 and Windows Phone OSs to compete in the mobile device marketplace. While these mobile Windows OSs running on mobile devices are different from legacy desktops and laptops, many of the security concerns are the same.

• Expect to see more scams by questionable security consulting or software firms. These companies use fear tactics to get users to purchase their product to remove security problems. These programs may not work, may be rebranded versions of freely available software, or may be malware themselves. Train users to install software only from trusted sources.

• As attacks become more data-focused, focus your controls more on data than on the containers of those data. Explore access controls in your applications and database management systems.

• Cloud computing will continue to grow as the environment of choice for organizations of any size. Cloud computing is the practice of renting computer resources from a provider instead of owning the resources. Operating in the cloud environment opens your data to many more vulnerabilities, because your data reside on servers accessible from the Internet. Use secure access controls to keep your data safe.

• Malware will expand and use legitimate network traffic to send itself to other computers. Malware programs are getting more sophisticated to avoid detection. Be vigilant. Recognize suspicious traffic and filter it out.

These are just a few of the expected trends that will continue or emerge in the coming years. Stay secure by ensuring good basic security, training and engaging your users in secure practices, and keeping all software current. These steps will allow you to withstand today’s attacks and those that will come in the near future.