It is a well-known fact that the world of business has changed beyond all recognition in recent years. As technology has evolved, so has the world of e-commerce, mobile and digital, to the extent that the business and technological landscape is completely different to that of three or four years ago.
At the same time, however, it is important to remember that we have also seen the security threats that businesses face consistently evolving at the same rate.
While it is impossible to predict where we will be in four or five years’ time, and which security threats will be most prominent, it is easier to predict what the main security bug-bears of 2013 will be.
Here are my best educated guesses, in no particular order, along with my recommended solutions for dealing with them.
Advanced persistent threats
Advanced persistent threats (APTs) are likely to become a growing threat in 2013, as attackers broaden their target areas. Traditionally, these highly sophisticated attacks have been reserved for the defence establishment. However, perpetrators are increasingly targeting enterprises across a range of industries.
Enterprises need to be aware that APT attackers have increasing resources to sustain targeted, multi-pronged attacks over a long period of time. To counteract APTs, IT security practitioners need to understand and locate the vulnerabilities that APTs exploit.
Intelligence gathering needs to go a step beyond just researching malware, to understanding the systems used by an organisation and what the risks are. Consequently, strategies and policies should be devised to mitigate the risks and vulnerabilities, as user education is paramount to prevent social engineering.
Security within IT environments is a difficult and complex challenge, even more so in the cloud due to its seamless scalability, multi-tenancy and third-party housing.
The use of datacentres for cloud environments has raised a number of questions concerning security. A common misconception is that the responsibility of data lies with the service provider, when in fact it is with the company in question in which responsibility lies.
Organisations have been reluctant to use cloud environments as they may have no way of determining whether their data is being treated with the same level of diligence that they would use themselves.
Recommendation: Adopt information security audits with service suppliers as part of an overall best practice framework. Use best practice security models when determining the storage of data.