Cybercriminals become more sophisticated and more collaborative with every year. To combat the threat in 2015, data security experts must understand these five trends.
In the field of information security, 2014 has been a year of what looks like an endless flow of cyberthreats and data breaches affecting retailers, banks, gaming networks, governments, and more.
The calendar year may be drawing to a close, but we can expect that the size, intensity and complexity of cyber threats will continue to increase, said Steve Durbin, managing director of the Information Security Forum (ISF), a non-profit association that assesses security and risk management issues on behalf of its members.
Looking ahead to 2015, Durbin said that the ISF sees five security trends that will dominate the year.
"For me, there is not a lot that is spectacularly new," Durbin said. "What is new is the increase in complexity and complexity."
1. Cybercrime
The internet is an increasingly attractive hunting ground for criminals and terrorists with incentives to make money, get noticed, cause disruption, or even bring down companies and governments through online attacks, Durbin said.
Today's cybercriminals mainly operate out of the former Soviet states. They are highly skilled and equipped with very modern tools; as Durbin notes, they often use 21st-century tools to take on 20th-century systems.
"In 2014, we have seen cybercriminals demonstrate a high degree of interoperability among themselves and a level of technical competence that catches large organizations unaware," Durbin said.
"In 2015, organizations must be prepared for unpredictability, so they have the flexibility to withstand unforeseen high-impact events," he added. "Cybercrime, along with an increase in online causes (hacktivism), an increase in the cost of compliance in dealing with the uptick in requirements, coupled with the relentless advances in technology against the backdrop of underinvestment in security departments, can all combine into the perfect threat storm. Organizations that can identify what the business relies on most are well placed to quantify the business case for investing in resilience, thus minimizing the impact of the unexpected."
2. Privacy and Regulation
Most governments have already created, or are in the process of creating, regulations that impose conditions on the protection and use of personally identifiable information (PII), with penalties for organizations that fail to adequately protect it. As a result, Durbin notes, organizations need to treat privacy as both a compliance risk and a business risk in order to reduce regulatory penalties and business costs, such as damage to reputation and loss of customers due to privacy violations.
The patchwork nature of regulations around the world is likely to become a growing burden on organizations in 2015.
"We are seeing an increase in plans for regulating the collection, storage and use of data, along with severe penalties for loss of data and breach notification, especially throughout the European Union," Durbin said. "Expect this to continue and develop further, imposing administrative costs and governance overhead beyond the security function, including legal, human resources and input at the board level."
He added that organizations should treat the EU's struggles with data breach and privacy regulation as a temperature gauge and plan accordingly.
"Regulators and governments are trying to get involved," he said. "That is putting a huge burden on organizations. They need resources in order to respond, and they need to be aware of what is going on. If you've got in-house counsel, you're going to start making more use of them. If you do not, there is an expense."
3. Threats From Third-Party Providers
The supply chain is an important component of the operations of every global business and the backbone of today's global economy. However, Durbin said, security chiefs everywhere are growing more concerned about how open it is to numerous risk factors. A range of valuable and important information is often shared with suppliers, and when that information is shared, direct control is lost. This leads to an increased risk of its confidentiality, integrity or availability being compromised.
Even seemingly harmless connections can be vectors for attack. The attackers who breached Target exploited a web services application that the company's HVAC vendor used to submit invoices.
"Over the next year, third parties will continue to be under pressure from targeted attacks and are unlikely to be able to provide assurance of the confidentiality, integrity and/or availability of information," Durbin said. "Organizations of all sizes need to think about the consequences of a supplier providing accidental but harmful access to their intellectual property, customer or employee information, commercial plans or negotiations. And this thinking should not be restricted to manufacturing or distribution partners. It should also embrace your professional services suppliers, your lawyers and accountants, all of whom potentially share access to your most valuable information assets."
Durbin added that InfoSec professionals should work closely with those in charge of contracting for services to conduct thorough due diligence on potential arrangements.
"It is imperative that organizations have strong business continuity plans in place to maximize both flexibility and senior executives' confidence in their ability to function," he said. "A supply chain information risk assessment can provide a detailed, step-by-step approach for breaking an otherwise daunting project into manageable parts. This method should be information-driven, not supplier-centric, so that it is scalable and repeatable throughout the organization."
4. BYOx Trends in the Workplace
"As the trend of staff bringing handheld devices, applications and cloud-based storage and access into the workplace continues to grow, businesses of all sizes are seeing data security risks being exploited at a much greater rate than before," Durbin said. "These risks arise from both internal and external threats, including the handling of the device itself, its software, and the use of business applications that are poorly tested and unreliable."
He noted that if you determine the BYO risks are too high for your organization today, you should at least make sure to stay abreast of developments. If you decide the risks are acceptable, make sure you build a good BYOx program.
"Keep in mind that, if implemented poorly, a personal device strategy in the workplace may face accidental disclosure due to the loss of the boundary between work and personal information, and more business information being held and accessed in an unprotected manner on consumer devices," he added.
And realistically, Durbin said, expect your users to find ways to use their own devices for work, even if you have a policy against BYOx.
"It's a bit like trying to hold back water," he said. "You might stop it from coming onto one little bit of sand, but it will find a way around it. The power of the user is just too much."
5. Engagement With Your People
And that brings us full circle to every organization's greatest asset and most vulnerable target: its people.
Over the last few decades, organizations have spent millions, if not billions, of dollars on information security awareness activities. The rationale behind this approach, Durbin said, was to take their biggest asset, people, and change their behavior, thereby reducing risk by giving them knowledge of their responsibilities and what they need to do.
But this has been, and will continue to be, a losing proposition, Durbin said. Instead, organizations must make positive security behaviors part of business processes, shifting employees from being a risk to being the first line of defense in the enterprise security posture.
"As we step into 2015, organizations need to shift from promoting awareness of the problem to creating solutions and embedding information security behaviors that positively affect risk," Durbin said. "The risks are real because people are still a 'wild card.' Many organizations recognize people as their greatest asset, yet many still fail to realize the need to secure the 'human element' of data security. In essence, people should be the organization's strongest control."
"Instead of just making people aware of their data security responsibilities and how they should respond, the answer for businesses of all sizes is to instill positive information security behaviors that result in 'stop and think' behavior becoming a habit and part of the organization's information security culture," Durbin added. "While many organizations have compliance activities that fall under the general heading of 'security awareness,' the real commercial driver should be risk, and how new behaviors can reduce that risk."