Current Filter: Security>>>>>>

   

Everyone would like to know what will be the major challenges for the industry, as the next 12 months reveal themselves. Will it be malware, BYOD, phishing or cyber crime, for example? Will it be internal breaches by disgruntled staff? Will it relate to compliance around the Cloud? Or are there new issues that will surface as the hackers, crackers and lax security take their toll?

No doubt all of the familiar issues will be to the fore once again, with the battle to protect the business fully engaged and relentless. But what do those within the industry itself see as the emerging trends - and, most importantly, how do you contain the burgeoning and ever more sophisticated threats?

Deeply worrying is the fact that most organisations will be cash strapped in this threatening landscape. "Trying to plug security gaps with less budget than before is a pretty familiar scenario for IT managers and that is not likely to change in 2013," warns Ian Kilpatrick, chairman Wick Hill Group. "Companies will still need to find the right blend of tactical and strategic solutions, with limited finances, while trying to avoid being overly influenced by headline-grabbing security scares."

The most pressing security issues will include mobile device security, wireless security, virtualisation security and authentication. "Mobile devices (including BYOD) inside organisations will create even bigger risks than before, centred around data security and data loss issues, as well as the security consequences of devices that go missing. As the majority of mobile devices in the UK don't even have PIN protection, let alone anti-virus or anti-phishing, it's going to be a fast learning curve."

The challenge in 2013 is to make sure that before deploying mobile devices across an organisation, policies are agreed, with board level input and approval, accepted by staff and then deployed onto the devices, so risks can be minimised. "It's less expensive, easier to do and considerably more acceptable to users than post-event deployment," he points out.

Another area where organisational security has been compromised, and where IT and IT security are in catch-up mode, is virtualisation. "Sharing multiple servers on the same physical device, in the same virtual infrastructure, creates the risk that, without a virtual firewall to protect the virtual server, any breach in one area will potentially proliferate across multiple virtual devices."

Finally, Kilpatrick regards it as incredible that two-factor authentication is still the exception rather than the rule. "In 2013, the growth of mobile devices, the increasing use of the cloud, and more virtualised or remote data centres will be just some of the factors making it more important for organisations to identify users and manage network access, as well as switching off access when an employee or contractor departs."

Everyone's a target
In 2013, the attacks on information will step up a notch, states Dr Guy Bunker, senior vice president of products, Clearswift. "2011 and 2012 witnessed a rise in the number of advanced persistent threats (APTs) attacking businesses and governments, but 2013 will see them target the small and medium enterprises," he predicts. "No longer are cyber-criminals just after jet fighter designs and state secrets; they can make money out of anything! The challenge for organisations in combatting this onslaught will be intensified by the increased adoption of BYOD and the cloud.

'Work' devices were used for just that - work. Whereas with BYOD, the devices are frequently used by other members of the family and security is not top of mind. Apps will be downloaded and the consequences will not be considered. The 2013 cyber-criminals will become 'joined-up': they will seek out the social interactions and relationships, targeting the secondary users of devices as a means to insert an APT into an organisation." The cloud will continue to inveigle its way into our business lives, while use of the term 'Information Governance' (IG) will continue to grow. "New products will be released to support IG that will help organisations understand their information and the potential security issues surrounding them," Bunker adds. "Some IG solutions will include the next generation of Data Loss Prevention (DLP), whereby content will be automatically adapted to match the required policy - enabling it to be shared, rather than blocked [a process Clearswift calls Adaptive Redaction].

Page   1  2  3  4