“Organizations must prepare for the unpredictable so they have the resilience to withstand unforeseen, high impact events,” said Steve Durbin, Global Vice President of the ISF. “We recommend thinking about threats in the context of the most valuable resources in your organization, consider which threats are most likely to create significant risk and which could have considerable impact. Finally, share these threats and resilience based approaches to mitigating risk with senior management and other functions such as risk management, risk committees and business continuity planning teams.”
The top five threats identified by the ISF for 2013 are not mutually exclusive. They can combine to create even greater threat profiles and they are most certainly not the only threats that will emerge over the course of the next twelve months. The ISF has determined the five most prevalent threats to be:
Increased government presence in cyberspace will have a profound impact on the future of information security. Targets for espionage will include anyone whose intellectual property can turn a profit or confer an advantage. An extremely important aspect of cyber security will continue to be the protection of critical national infrastructure. A real cyber security concern however, could be a full internet or telecommunications blackout in the eventuality of a sophisticated cyber-attack aimed at the internet infrastructure and whilst unlikely, it remains a possibility.
Supply Chain Security
More organizations will fall victim to information security incidents at their suppliers. From bank account details held by payroll providers, to product plans being shared with creative agencies, today’s organization’
As Big Data continues to become a game-changer for businesses, the security risks have become even greater. From structured and unstructured data within the network of enterprise PCs and servers to consumer-friendly smartphones, laptops and storage devices that introduce new data management challenges, businesses can be easily overwhelmed by the risks posed by big data. Securing both the data inputs and Big Data outputs present a key challenge that can impact not just potential business campaigns and opportunities, but also have far reaching legal implications.
Data Security in the Cloud
The rising costs that are associated with proving Cloud computing compliance and external attacks on the Cloud will increase in 2013. While a number of organisations are now implementing strategies for Cloud computing security and compliance, businesses still have a way to go in certain areas, mainly because a lot of organizations still do not know where they have Cloud implemented across their business.
Consumerization – Securing Consumer Devices
If implemented poorly, a personal device strategy in the workplace could face accidental disclosures due to loss of boundary between work and personal data and more business information being held in unprotected manner on consumer devices. An additional security concern is related to location information which could be used for criminal purposes. The popularity of sharing or disclosing location online and the proliferation of GPS enabled devices will increase all types of crime exploiting location information.
The ISF Threat Horizon series of reports, aimed at both senior business audiences and information security professionals, provide more information on these and other threats. These annual reports are designed to help organizations take a proactive stance to security risks by highlighting challenges in the threat landscape and identifying how the confidentiality, integrity and availability of information may be compromised in the future. For more information, please visit the ISF website (https://www.securityforum.org/
Information Security Forum (ISF)
Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.
ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.
Further information about ISF research and membership is available from www.securityforum.org.