Targeted attacks and consumerization of IT will be key in 2012
With 2012 just around the corner, Cryptzone, the IT Threat mitigation experts, today announced its 8 key predictions for the top security trends for the coming year.
Peter Davin, CEO of Cryptzone, comments: “Employees are now demanding to use their own devices for work with security as a prerequisite. On the other side, hackers have become more sophisticated in whom they target, opting away from indiscriminate strikes. 2012 will see these trends develop even further.”
Targeted Attacks
In 2011, we saw a number of examples of targeted attacks, such as Anonymous targeting Sony and the AT&T Terrorist attack. This trend will continue to rise: rather than attacking randomly, hackers will have specific targets, whether for political issues or personal vendettas. More customers will therefore be targeted by these pre-designed attacks, whose purpose is to steal intellectual property. Attacks against well-known brands will also become more common as unsuspecting recipients receive malicious e-mails containing hostile code. Companies therefore need to start thinking about zero-day threats and how to secure their data.
Bring Your Own Device (BYOD)
Organisations will continue to adapt their Enterprise Mobility Strategy. With more users bringing their own devices to work and expecting to use them to gain productivity and efficiency benefits in the workplace, IT departments will have to manage device diversity. One security policy for everyone using mobile devices is not a suitable approach when users form such a non-homogeneous group. With less budget to issue corporate-approved devices, organisations not only have to take into consideration the protection of their own data, but also make sure users understand what will happen to their personal data should the device be stolen. In many cases employers will expect to be notified of the loss immediately and may opt to delete all data without exception! Therefore every user who requests access to corporate resources through a mobile device should sign up to a corporate policy before access is granted. This will avoid some nasty surprises and employee grievances.
Greater Security for Production Systems
Production systems have traditionally been considered at lower risk for IT security incidents. However, with more and more of these systems running on a Windows platform, they are becoming just as vulnerable as other hardware. What’s more, the consequences of a security breach can be very serious, even resulting in personal injury or death. Following several attacks against Windows-operated robots and X-ray machines, organizations will start to look for security solutions that are not reliant on an Internet connection for security updates.
Intranets on the iPad
During 2012 and 2013, more and more organizations will offer end users the opportunity to interact with Intranet sites or collaboration tools, such as SharePoint, on their private or corporate iPad. This will provide productivity gains for organisations and faster response times, as users respond to corporate documents on a more convenient device both at the office and while travelling. Organisations will have to consider the security implications this poses.
Incident Response Management
Evolving IT security threats are a given for 2012. Most CIOs recognise that data breaches are an inevitable risk. Organizations cannot hope to protect against all threats, so how organizations respond to an incident will become increasingly important. Establishing and communicating incident handling policies and procedures that can be quickly adapted as the threat landscape changes will be crucial to damage limitation. Creating a culture where staff are not afraid to raise security concerns or report security incidents promptly should figure prominently on the compliance agenda.
Context Awareness for Access Rights
Access rights are becoming more and more of an issue to manage as perimeters become more porous. Many companies think role-based access is the answer, but this is too often just another name for groups in the network Active Directory, which are already quite complex to manage. Often groups and roles overlap, are duplicated, need sub-dividing or simply remain unused. Greater context awareness will be the answer during 2012, whereby rules are used to derive access rights in real time, based on the context of the user, document and/or request. The power of this approach can be seen by considering what happens if you set just 5 go/no-go rules: this gives as many as 32 different outcomes.
Content Security versus Hardware Security
During 2012, hardware security will remain a priority. However, organizations will increasingly look into approaches where the security focus is on the actual content rather than the storage device. The same data is often replicated many times throughout an organization and even beyond the organization’s boundary to third parties. This can make it difficult for the end user to understand where data may be stored most securely. Instead of looking at storage security, CIOs will identify content at risk and secure the content, so that when it is replicated, security travels with the content to all its ultimate destinations.
Shortened Product Development Lifecycles
Customers will increasingly expect vendors to adapt software even more quickly in response to evolving working practices and emerging IT security threats. Those vendors best able to demonstrate the technical and business agility to ‘tweak’ their offerings for immediate threat protection will gain a clear competitive advantage. More software adaptations will focus on usability for less technical users. In order to thwart cyber-security threats, everyone within an organization needs to be more vigilant and equipped to take sensible precautions to better secure corporate information. Technology has to be kept as simple as possible for users to adopt as second nature, without significantly impacting their productivity.