“Organisations must prepare for the unpredictable so they have the resilience to withstand unforeseen, high-impact events,” said Steve Durbin, global vice president of the ISF. “We recommend thinking about threats in the context of the most valuable resources in your organisation, consider which threats are most likely to create significant risk and which could have considerable impact. Finally, share these threats and resilience-based approaches to mitigating risk with senior management and other functions such as risk management, risk committees and business continuity planning teams.”
The top five threats identified by the ISF for 2013 are not mutually exclusive. They can combine to create even greater threat profiles and they are most certainly not the only threats that will emerge over the course of the next twelve months.
The ISF has determined the five most prevalent threats to be:
Increased government presence in cyberspace will have a profound impact on the future of information security. Targets for espionage will include anyone whose intellectual property can turn a profit or confer an advantage. An extremely important aspect of cyber security will continue to be the protection of critical national infrastructure. A real cyber security concern, however, could be a full internet or telecommunications blackout in the event of a sophisticated cyber-attack aimed at the internet infrastructure; whilst unlikely, it remains a possibility.
Supply chain security
More organisations will fall victim to information security incidents at their suppliers. From bank account details held by payroll providers to product plans being shared with creative agencies, an organisation's data today is increasingly spread across many parties. While the IT function can provide an inventory of all data it holds, it is difficult to do that throughout the supply chain.
As big data continues to become a game-changer for businesses, the security risks have become even greater. From structured and unstructured data within the network of enterprise PCs and servers to consumer-friendly smartphones, laptops and storage devices that introduce new data management challenges, businesses can be easily overwhelmed by the risks posed by big data. Securing both the data inputs and big data outputs presents a key challenge that can not only impact potential business campaigns and opportunities, but also have far-reaching legal implications.
Data security in the cloud
Both the costs associated with proving cloud computing compliance and external attacks on the cloud will increase in 2013. While a number of organisations are now implementing strategies for cloud computing security and compliance, businesses still have a way to go in certain areas, mainly because many organisations still do not know where cloud is implemented across their business.
Consumerization – securing consumer devices
If implemented poorly, a personal device strategy in the workplace could lead to accidental disclosures due to the loss of the boundary between work and personal data, and to more business information being held in an unprotected manner on consumer devices. An additional security concern relates to location information, which could be used for criminal purposes. The popularity of sharing or disclosing location online and the proliferation of GPS-enabled devices will increase all types of crime exploiting location information.