Quicklook: five security trends in 2012
The saddest thing about security is that it only wins recognition when it fails. Next year’s evolution of cloud and mobile services will give new opportunities to everybody, including hackers. What should CIO's get ready for? Here are five hot topics:
Social media usage is growing fast. The world's leading social-list, Facebook will inevitably become a vector for attack. WatchGuard forecasts Facebook-based attacks will increase next year driving the network to improve security in order to protect its users. "If Facebook doesn't "like" security they'll surely get "poked"," WatchGuard warns in its note.
bring your own device (BYOD)
Consumer technology is already in the workplace. It's time to get to grips with managing security on these devices, virtual device management and outsourced services may be part of the approach. You also need strategies to manage and support app installation and download on both corporate and personal devices.
In Ponemon Institute's recent State of the Endpoint survey (PDF) 17% of 688 information and security managers said more than 75% of employees in their organizations already use personal devices in the workplace, while 20% said over half did.
Are these things protected? The evidence says many are not. Recent Ponemon Institute research on healthcare providers' patient privacy practices revealed that: "81 percent of respondents say employees in their healthcare organizations are using mobile devices to collect, store and/or transmit some form of PHI [Protected Health Information], 49 percent admit their organizations are not doing anything to protect these devices."
Beware: a recent Gartner report warns to expect new breeds of malware optimized to attack tablets and smartphones.
Has your company virtualized your servers? If so then you'll already be considering what new security controls and options most make sense. Aren’t you?
The Stuxnet attack showed the need to protect your equipment physically as well as with software. "Expect at least one digital attack in 2012 to cause a significant repercussion to a physical infrastructure system," WatchGuard warns. Expect to protect yourself against software-driven attacks against your company's physical infrastructures.
Don't jump into the cloud too quickly. Next year will see a mushrooming of cloud-based solutions, but you'll also see new security challenges and big name failures. Despite this, the cloud is here to stay so be aware of the changing security environment.
"One of the biggest challenges for companies is moving into the cloud space and virtualizing a lot of the products they use," says Lenin Aboagyue, principal security architect at Apollo Group.
Gartner says that 40% of enterprises will ask their providers to offer proof of independent security testing before they use their service by 2016. They also believe over 50 percent of Global 1000 companies will have stored customer-sensitive data in the public cloud.
Perhaps more threatening: small and medium-sized businesses lacking the budget to provide extensive security protection must beware. IT consultants, Kroll, believe hackers will target SMBs to get hold of their valuable data.
"Common modes of attack include everything from social engineering to SQL injection. In addition, ongoing use of legacy systems — weakened by postponed or overlooked upgrades and replacements — put SMBs at heightened risk.”
Security isn't just about protection, it's also understanding the nature of new business changes.
"As the world of IT moves forward, CIOs are finding that they must coordinate their activities in a much wider scope than they once controlled. While this might be a difficult prospect for IT departments, they must now adapt or be swept aside," said Daryl Plummer, managing vice president and Gartner fellow.
Larger firms will deploy rapid response security teams to defend against these new challenges. As I mentioned, we're in a time of rapid change. As devices grow more sophisticated, so will hacker attacks.
When did your firm last review your tech security measures? Can these be improved for the mobile age?