Mark Shepherdson (Global) - Five Security Threats to Watch Out for in 2013

If anything is certain about 2013, it is that the ongoing battle for information security will continue, with new threats and countermeasures being developed on an almost daily basis. That's a given, and something that all companies will have to contend with, just as they have since the dawn of the internet and computers. And, with more and more businesses moving to adopt and embrace next generation technologies every year, companies will have to ensure that they keep on top of this in 2013.

More specifically though, there are certain risks that will be on the rise and some things that businesses can do to minimise the information security risks they face over the next 12 months and beyond. Here are five security threats we think should be a priority for 2013.

People will continue to be the weakest part of any security strategy unless their needs are engineered into a solution from the outset. This doesn't often happen and the cost of securing data takes a much higher priority than the security itself. You should always ensure that staff are aware of the risks, understand why and how each risk is mitigated, and are able to make use of the security systems, tools and procedures provided; otherwise you'll find they aren't being used at all.

Test, test and test again. Far too many companies get a letter from the bank requesting quarterly ASV test results and assume this is the only thing they need to do. In fact, it is sensible to adopt all relevant compliance standards, regardless of a company's specific compliance drivers. These standards will help to save money in the long term, as well as preventing embarrassing leaks or intrusions that dent customer confidence.

Security patches
Understand what applications you have and patch them to the latest versions as quickly as possible. Vendors are constantly releasing security patches for a reason and, once a new version of software is available, threats will start to actively target these known flaws in network security, potentially opening a backdoor into your systems no matter how much you invest in the rest of your security infrastructure.

Bring Your Own Device policies will open up a new realm of threats for businesses as BYOD becomes increasingly popular. When we had dumb terminals and mainframes we didn't lose data because it didn't exist in a mobile form. The minute we started using portable computers we simultaneously invented mobile data and that is a growing problem, especially as tablets become more common in people's personal lives and they expect to use them at work as well. In principle, BYOD is a great idea that can help boost productivity while lowering overall maintenance costs but, for the security professional, it can also be seen as a massive risk. With Gartner predicting that employee-owned devices will be infected by malware at over twice the rate of corporate devices by 2014, you'll need to ensure that you have the necessary policies, tools and software to manage the threats accordingly.

Data Loss
Unify data storage and access into a secure centralised form and stop distributing it. Allowing any data to reside permanently on an access device (whether notebook, desktop, smartphone or tablet) means you have already lost control of it. We are all familiar with standards such as DPA and PCI compliance requiring that access to data is limited to the people and services that need to process it, but there is an illusion that all data held internally is safe. Talk to any sales person and you will uncover spreadsheets of customer contacts harvested from various sources; many from previous employers who had lax or non-existent policies to control data spread, as well as leakage from misplaced or lost USB sticks containing valuable data.

To avoid falling victim to security threats in 2013, it's imperative to acknowledge the following: that they exist, that they are rapidly evolving and that preventative measures are only part of the story. We now have ubiquitous internet connectivity and any data can be accessed from almost anywhere. The benefit of our current working environment is that, with the right security measures in place, we can happily secure our data, audit that access and protect our back office systems from malware associated with web-delivered technologies, all the while taking advantage of new and emerging technologies such as mobile and tablet devices and data access through the cloud.

Cybercrime is on the increase and technology is making ever further inroads into everyday business. Following some of these best practice tips and advice will help reduce the risks and allow businesses to focus on driving growth instead of battening down the hatches.

By Mark Shepherdson, Solutions Manager (Information Security), Trustmarque


