2013 will be the year conventional approaches to IT security will be abandoned

4 Jan 2013

It is the dawn of a new year and with the certainty with which you could set your watch, IT security firms are making somber threat predictions. The only thing they can agree on is the points of security failure will grow exponentially in 2013.

Once firms could rely on firewalls and anti-virus software to keep the bad guys out, but now all the boys and girls are running around the house opening doors and windows and inviting the burglars in.

This is true when you consider the threats caused by social media, trends like bring your own device (BYOD), and the rise and rise of cloud-based computing.

Where once firms could be protected by a tapestry of trenches, the battlefield has become one of manoeuvre.

“Conventional approaches to information security, like perimeter defences and antivirus, are no longer enough,” said EMC Ireland country manager Jason Ward.

“Security leaders need to take an intelligence-based approach to security and advance their information security strategies to keep up with the increasing pace of technological advances,” Ward added.

Ward was commenting on the findings of a report by the Security for Business Innovation Council (SBIC), a group of top security leaders from Global 1,000 enterprises.

Because IT defences can no longer be built once or built on top of, the SBIC recommends the responsibility for security of data should transcend entire organisations.

It urges businesses boost risk and business skills within security teams, ensure the security teams build relationships with middle managers, evaluate and prove the integrity of their entire IT supply chain and instead of fighting disruptive forces like the consumerisation of IT or cloud, embrace them in order to stay ahead of the game.

Prevention is better than cure

Local IT security company Integrity said that while major security breaches at Sony, LinkedIn, RSA and Global Payments occupied the headlines, local firms need to remain on guard.

“We are beginning to see more of a ‘prevention is better than cure’ attitude in Irish organisations at present,” Sean Rooney, technical director at Integrity Solutions, said.

“While this is a positive step, we cannot stress strongly enough that much more will have to be done to ensure adequate security precautions are in place.

“This means that businesses need to take a holistic view of their security posture. They must understand, not only what their ‘crown jewels’ are, but also where they are located, and then do everything in their power to protect them.

“With an increasingly mobile workforce this isn’t necessarily an easy task,” Rooney said.

IT threat predictions 2013

Rooney predicted that mobile malware will grow exponentially this year, referring to research by ESET that cited a 1,700pc increase in unique detections of malware in the Android platform in 2012.

As big data becomes the topic de jour, Rooney said organisations need to be aware of where all their data is residing and find ways to categorise it correctly and ensure appropriate levels of security are applied. A data breach can have serious consequences for the reputation of a business.

He said social engineering will continue to rise as hackers still see the human element as the weakest link and will try to deceive employees to open up access to the corporate IT network. Encouraging employee caution in terms of IT security would be a wise step, he said.

As Irish organisations increasingly use social media such as Facebook, LinkedIn, Twitter and YouTube to engage with their customers, the IT security threats from these platforms will increase. In addition, the monetisation of social networks will present opportunities for cyber-criminals and lead to greater vulnerabilities for organisations. 

Rooney said the continued march to the cloud will see an increased need to understand the individual security, compliance and regulatory requirements of large and small businesses. Cloud providers will need to offer assurances that they can manage a customer’s data security and Irish businesses will also need to be fully aware of their own obligations in this area.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com