Is it too early to start thinking about 2014?
It isn’t if you make or sell calendars (yes, I already have mine on hand for next year). It also isn’t too early to think about 2014 if you are concerned about network security. Security experts are beginning to release their predictions for next year, and as always it will be interesting to see how the different expert opinions overlap, as well as how correct their forecasts are.
My own prediction is that in 2014, we will see a much higher sophistication in attacks. Not just malware and ransomware and DDoS attacks getting more complex and difficult to guard against, but a whole new level of how networks and businesses will be targeted. Jason Fredrickson, senior director of application development at Guidance Software, has similar thoughts. He predicts that attackers will up the ante when it comes to using social engineering as a way to get to the network and that hardware will be the next focal point for attacks.
However, Fredrickson added two other predictions that should seriously be considered. One didn’t surprise me and the other caught me off guard.
The one that didn’t surprise me was the idea that the NSA revelations will change the way companies think about security, primarily encryption. Fredrickson explained in an email:
“The extent to which the NSA has penetrated companies’ networks has been staggering. The NSA and PRISM will be a driver for companies tightening up security and developing ways to protect their data from decryption. In the coming months, more companies will ask, ‘How can we prevent the NSA from looking at data on our employees and customers?’”
The prediction that made me think twice was the idea that security collaboration will have a setback in the coming months. Fredrickson stated:
“The government recently released the National Institute of Standards and Technology’s (NIST) preliminary Cybersecurity Framework with the objective of reducing cyber risks to critical infrastructure. While this represents a good start, I feel that it does not focus enough on detecting anomalies from normal baselines and does not sufficiently focus on requiring and enabling collaboration. If relationships between companies and the government continue to be strained (because of NSA concerns), collaborative efforts in the security industry may suffer setbacks as organizations attempt to shore up their defenses against government intrusion.”
I totally see his point. Trust has been eroded between government and business, thanks in part to the NSA’s activities. But let’s be honest: business has long been wary of government involvement; otherwise cybersecurity standards would have been passed by Congress and made law a long time ago. However, at no time has collaboration been more important, as these attacks become more sophisticated and the global workforce shrinks. I hope that this particular prediction goes in the other direction, and that collaboration becomes stronger as both sides realize that cooperation is the best defense against the bad guys.