A rise in remote working is presenting new security challenges to organisations; 25 per cent of USB memory devices are infected with malware and 77 per cent of CEOs say that corporate data breaches have taken place in their organisations.
With the rise of the mobile workforce expected to drive up this figure as a direct consequence of increasing volumes of data transfer, 2012 is in danger of becoming the year of the data breach. In light of these developments, I’d like to add my mobile security predictions for 2012.
One thing I can say with absolute certainty is that data loss is not going to disappear anytime soon. In 2012 the growing reliance on mobile working and increasing risks to the endpoint will mean that companies who do not make a serious commitment to data security will be caught out. CIOs should also remember that compliance is really only a minimum standard, so they should be going over and above that level to safeguard their data in 2012.
- The number of data breaches will continue to rise in 2012, both through human error and malicious attacks. In a 2012 report, the Ponemon Institute, an independent security and privacy research group, identified that risks to endpoints are growing, with cloud computing and removable media both cited amongst the biggest perceived threats for 2012.
- Compliance will continue to drive data protection with the European Union planning to fine companies up to five per cent of global turnover as punishment for the most severe data breaches. The new laws will even apply to European subsidiaries of multinationals, ensuring that global companies cannot escape penalties by virtue of being based overseas. The new laws won’t come into force this year, but they show the EU’s clear intent to crack down on firms who take insufficient care to protect data.
- Financial services will see an increase in fraud, malicious attacks and internet threats as attacks become more sophisticated and cybercriminals spread more malware and Trojans, as in 2011’s ZeuS attacks. The rise of organised hacking groups such as Anonymous who target financial organisations like Visa and PayPal has introduced a new level of risk for potential targets.
- Collaboration will increase, along with a greater sense of shared responsibility for data security, as governments, businesses and individuals all accept their individual responsibility for securing data. The sense that data security has to be a collaborative, joined-up effort will gain momentum and credence.
- A more proactive approach will come to the fore as businesses focus more resources on prevention to stay ahead of cybercriminals. Awareness and buzz around disaster recovery (DR) strategies will grow as businesses recognise the need to be prepared for the ‘worst case’ internal or external threats. The severity of modern threats, the potential penalties from regulators and the major cost to brands following attacks (see Sony PlayStation 3 in 2011) are all driving these trends.
- Malware incidents will continue to rise alongside mobile working as more and more employees need to take data outside of the organisation. With the mobile workforce expected to reach one billion workers, more and more data will be either sent online or physically transported this year, increasing the threat of a breach or loss. The use of encrypted devices with anti-virus protection should become more widespread in response to the growing threats presented by this change in working practices.
- Bring your own device (BYOD) will grow in popularity in the workplace, creating potential compatibility headaches for the IT department and increasing the need for tracking capabilities and usage metrics. Information on the types of devices used, along with where and when certain information is accessed, will be essential for information audits. The ability to quickly produce accurate reports and store forensic information on data downloaded and uploaded by employees will be key for information audits and to demonstrate compliance.
- Consumerisation of IT will continue in the enterprise, with the delicate balance between consumer devices and a corporate setting continuing to create challenges around data. Staff training will be crucial to combat these issues, and firms will need to focus more resources towards ensuring that employees receive practical guidance on their responsibilities around data security. Firms must ensure that their internal security policies are up to date and that these take changing technology and working practices into account.