Member Article

The future of cyber security and what it means for your business in 2014

Technology has undoubtedly changed the way that all businesses conduct business – from strategy to output, technological advances have changed the way that companies transact both with other businesses as well as with their customers.

Whilst technology facilitates much more efficient output and puts limitless connections at close range, increasingly wider adoption of technology into the office has meant that cyber security is no longer just a technology issue, but a business one-one which business simply cannot afford to ignore.

Looking back at the milestones of 2013, Dr Guy Bunker, SVP Product and Cyber Security expert at Clearswift, global cyber-security company, offers some expert insight into 2014 predictions:

1. DPO role still not understood. While the need for a Data Protection Officer is still a way off, even by the end of 2014 the need and requirements will still be ignored by most organizations. This will lead to a last minute rush – which will still leave organizations without the required personnel.

2. Collaboration will continue to grow – Part 1. Of course it will… however there will be more security events caused by 3rd party data breaches reported. There will be calls for increased auditing of 3rd party providers.

3. Collaboration will continue to grow – Part 2. Of course it will… however, the cyber-attacks will start to be targeted at the weakest point along the value chain – rather than directly at the target. Why attack the strongest link in the chain, when the weakest will be adequate.

4. Changed info attacks will increase. The next generation of cyber-attacks will look to change information to create disruption, rather than just stealing it to be re-purposed.

Organisations will need to introduce data integrity checking on all major applications. (Imagine what would happen if every day, 2% of all the phone numbers in the CRM system changed… would you notice, and when you did, would you be able to do anything about it?)

5. Increased attacks on security vendors. We will see an increase in attacks on security vendors to introduce ‘backdoors’ into their customers. We have seen this in the past, e.g. RSA, but these will increase. The biggest targets will be the cloud security providers – as one backdoor there will open the door into (potentially) hundreds of customers.

6. Increase in ‘old’ BYOD device security events – Part 1. When an employee leaves they frequently continue to have information which is sensitive or critical for their previous employer. Loss of this information will cause embarrassment.

7. Increase in ‘old’ BYOD device security events – Part 2. When an employee starts a new role (especially at a competitor) there will be an increased need to ensure that no information attributable to a previous employer is received – in particular from BYOD which has been used in both cases. Cases of ‘inadvertent’ industrial espionage will surface.

8. Targeted attacks on smart meters. With the rise of smart meters and the internet of things, there is another perfect storm brewing for an attack on the smart meter – this will manifest as denial of service attack, or a man-in-the-middle attack. There will also be issues over the information gathered (or capable of being gathered) being misused by those who collect it, or ‘others’ who collect it maliciously.

9. Information Governance becomes a recognised buzzword. There will be increased call from legislators for organizations to better understand where their critical information is. We have seen issues in the past where backup tapes etc. have been known about, but unable to be located – and the result has been fines for not producing the information. Inadvertent loss.

This granularity will reduce, such that even copies of information on memory sticks will become part of the reporting. Critical information will need to be better understood, before it can be managed – what is the information, where is it stored, who has access. Information Governance (IG) is the term for this understanding and ultimately management of critical information. Solutions will start to come to market to address the IG challenges.

10. 2014 the year for global identity? Every year I wonder if this will be the year identity gets turned on its head – and become ‘person’ centric rather than ‘company’ centric. I don’t think it will happen in 2014… but, you can but hope!

This was posted in Bdaily's Members' News section by Clearswift .