'Threat horizon 2013' - evaluating the future trends
The Information Security Forum (ISF), the leading, global authority on information security and information risk management published their research report "Threat Horizon 2013".
The report mentioned five key trends that will impact our business. In the near future, the range and complexity of security threats is set to rise significantly, organisations that fail to prepare now are likely to be faced with a set of future challenges that will be complex to manage.
ISF's "Threat Horizon" report used a PLEST (Political, Legal and Regulatory, Economic, Socio-Cultural and Technology) framework to consider the world of the future and how this may give rise to information security threats. (See picture1)
The five key trends ISF identifies along with the challenges for organisations are:
1 Cyber (in-)security: Governments will soon take a more proactive role in cyberspace. While many of the initiatives will be beneficial, organisations need to take account of legislation and regulation that mandates procedures and behaviours in cyberspace, much of which may be disjointed along with an increase in cyber-defence activities. Organisations should plan ahead and prepare for the upcoming this kind of threat.
2 An open knowledge society: Now, participation and innovation thrive, but organisations are left struggling to strike a balance between "transparency" and "confidentiality". Organisations should be careful when promoting transparency without losing valuable information to the public domain.
3 The Internet: a flat Earth?: A host of new entrants, many from the developing world, will potentially increase instability. The business models adapt to new mass markets. Organisations should prepare to deal with those who exploit this as a cybercrime opportunity.
4 The smart enterprise: The need to boost efficiency and optimise the use of assets will continue driving organisations to greater use of cloud computing, including both "public cloud", "private cloud" and "hybrid cloud". Organisations should make best use of these without increasing complexity and costs.
5 Consumerisation: The rise of very capable consumer devices, such as smart phones and tablets, has added further momentum to the need to manage the use of such a "consumer technology" at work. We can call this issue "The iPad Effect". Adopting a stance that completely prohibits such an approach is unlikely to be successful. Organisations should manage the risks and still lock in the benefits.
From the ISF report, the example of upcoming threats are:
n Increasing attacks on RFID, NFC, sensors and control systems (supervisory control and data acquisitions attack)
n Loss of trust/inability to prove identity and authenticate
n Coordinated attacks for extortion, blackmail, bribery or stock manipulation
n New attack vector from using the new technology
n Governmental interception of all traffic (Lawful Interception/State sponsored attack)
n Hardware back doors (low-level attacks / vulnerabilities) in chips.
n Loss of workforce loyalty, loss of organisational culture and knowledge.
n Solar flare disrupts communications globally
How can an organisation prepare for the upcoming threats?
The following are recommendations from ISF
n Re-assess the risks to our organisation and its information.
n Change your thinking about threats.
n Don't rely on trends or historical data, revise our information security arrangements.
n Question 'Security as usual', focus on the basics (back to the basic) that includes people, not just technology!
n Prepare for the future, be ready to support initiatives such as cloud computing, social networking and mobile computing.
However, increasingly information technology and security plays a pivotal role in our organisation's success and is also now a key at home. Organisations should plan ahead and manage emerging information security risks effectively. The five trends from ISF will have an impact on the nature and severity of threats to our organisation’s information and, consequently, the way we do business.
That's why we need to get serious about them.
For more information about the ISF and its reports please visit https://www.securityforum.org
Prinya Hom-anek currently serves as a senior committee member on various boards including (ISC)2 Asian Advisory Board, ISACA Thailand committee, Thailand Information Security Association (TISA) committee and secretary.