5 key information security trends to prepare for in 2015
17 December 2014
In preparation for The European Information Security Summit 2015, Business Technology investigates the five key areas that information security professionals should focus on over the next twelve months.
1. The insider threat
Businesses need to be aware of the threat presented by employees and business partners, whether caused by malicious behaviour or carelessness and a lack of understanding of risk.
The human factor of information security is always likely to be a threat as people make mistakes and can be easily manipulated. Whilst carelessness and lack of judgement can be the cause of some insider threats, other causes can be more malicious in origin, initiated by a rogue employee.
2. Shadow IT
Loosely defined, shadow IT applications are those that employees use for business purposes but that have not been obtained through the IT department or by following its protocols. Employees usually adopt such applications because they believe they can save time, but they can have a damaging effect on the business’s security.
Such applications are not built into the security blueprint. Business security leaders need to find a balance between allowing employees the freedom to do their jobs better and holding the fort when it comes to information security.
3. EU Network and Information Security Directive
The directive is the European Union’s first comprehensive attempt to establish a set of cyber security standards and regulations that would apply across the region. These changes will drastically alter the methods businesses use for managing their data.
Security leaders need to keep up with these changes and the ramifications for their businesses as failure to do so will result in legal problems and heavy financial penalties. The British Business Federation Authority is looking into the concerns of British business leaders as to how the proposed ruling could affect British business and foreign investment.
4. Incident response and recovery
With attacks becoming inevitable, businesses should also focus on how they can react to a breach to minimise damage and recover services in as short a timeframe as possible.
The downtime a system requires to get back to full working order can hugely influence the impact of the breach and public perception of the attack. Segmenting networks to contain breaches and identifying prime targets are key to prevention, but what happens when the prevention does not work?
5. Social media threats
We no longer need to be told that what we post on our personal social media profiles can have serious ramifications for not only ourselves but also the companies we represent as employees. From professional sportspeople bringing shame onto their clubs to prospective employers checking job applicants’ social histories, social media has had a deep impact on our working lives.
Employees should recognise that what they publish on social sites can not only be a source of embarrassment for the employer, but also a real security threat by means of social engineering. Where is the middle ground between independent employee identities and brand protection?