The Georgia Tech Information Security Center (GTISC) released its “Emerging Cyber Threats Report for 2009″, which reported on the top five information security threats for the coming year. The results were notably different from last year’s top five, which were: Web 2.0 and client-side attacks, targeted messaging attacks, botnets, threats targeting mobile convergence, and threats to RFID systems. According to the report, the biggest threats for next year are: malware, botnets, cyber warfare, threats to VoIP and mobile devices, and the evolving cyber crime economy. The report notes that all emerging threats and attacks are data-driven.

In describing the growth of malware, the report notes that the cyber criminals have gone beyond mass distribution and are now focusing more on localized and personalized attacks, which appear to be more realistic and give them a better chance of penetration. Expect targeted attacks (such as spear-phishing) to increase. Related to malware is the botnet threat, and the report expects for botnets to grow worse next year. Last year’s report held that ten percent of all online computers were part of botnets, and this year’s report predicts that number will rise to 15 percent. In discussing the cyber crime economy, the report sugests that attacks will become increasingly profit-driven.

The report notes that technological solutions from the security industry are an essential part of the solution, but only a part–and this must be balanced with education and increased regulation. The report suggests following the model of road and airline safety. For example, car insurance is mandated by the government, and one of the analysts suggested a similar mandate for security protection. Of course, many such mandates are already in place, although it stops short of a universal regulation, or at least, a mandate that applies to all entities that are part of the country’s critical infrastructure.