The Information Security Forum (ISF) has announced its predictions for the 10 most likely threat scenarios that organisations face in the future. According to its new Threat Horizon 2012 report, the rapid adoption of cloud computing, increasing use of mobile devices, growth of cybercrime and online espionage, and the merging of home and work life, all have a role to play in future risk management and contingency planning.
Based on research among ISF Members, 300 of the world’s leading companies and public sector organisations, Threat Horizon 2012 builds on core themes that form the underlying drivers of the new threat landscape, including globalisation, cultural change and weaknesses in organisational infrastructure. According to Adrian Davis, Principal Research Analyst at ISF, organisations of all shapes and sizes need to take a much broader view of security threats and evolve their thinking beyond just technology.
“Organisations right now need to be thinking people, processes and technology, not just technology, which is the mistake that many security and risk professionals take. The report provides both Members and non-members with a snapshot of the issues they face, but in a wider socio-economic and political context, and enables them to plan accordingly.”
In the first scenario, ‘Contingency fails’, the report highlights that there is not enough investment in critical infrastructure at a national and organisational level. It warns that our over-reliance on Internet-only channels and the advent of cloud computing and mobile working, combined with poor Internet resilience at pinch points on the network, means businesses will need contingency plans to continue operating when the Internet fails.
The rise of the ‘Internet generation’ and what ISF calls the ‘avatar effect’ in scenario 5 — the merging of work and home life — have caused step changes in attitudes to protecting information. Personally owned mobile devices are routinely used for business and connect to the network, while business is now regularly conducted via social networking sites.
According to Davis, smartphones in particular have become the device of choice and many organisations have developed bespoke applications and rolled them out to mobile workers, further blurring the line between personal and
business use. He says: “This raises a number of added security implications as devices now share many characteristics of the mainframe, like middleware, but the security model is simply not adapting to these new demands. With mobile payment facilities becoming more viable, these devices will become even more lucrative to cybercriminals.”
Threat Horizon 2012 report — additional highlights:
•Integrity is king (scenario 9) — this is a serious challenge for organisations, which have growing amounts of digital information and access to them available in various different locations. This has led to a ‘toxic information wasteland’.
•Greening of the business (scenario 8) — efforts to reduce carbon footprint have led to more home working, but an inability for security solutions to scale accordingly, resulting in accidental disclosure of data and non-compliance of regulations.
•Cloud becomes a fog (scenario 2) — the cloud has started to attractthe attention of hackers, who see it as an opportunity to hide and cloak access into organisations.
The aim of the ISF Threat Horizon 2012 report is to provide Members and non-members with a clear view of the current and future security landscape and provide guidance. Davis adds: “Security issues apply to everyone, regardless of industry, size and structure — everyone needs to apply best practice and processes when it comes to securing their vital assets.
Predicting the future is never an exact science, but it does allow organisations to take an informed approach to risk and security planning and build in necessary precautions.”