MANY IRISH BUSINESSES will face “significantly increased” security threats in the coming year, according to a leading IT security specialist.
Integrity Solutions pointed to recent major security breaches at large international businesses such as Sony, LinkedIn, Global Payments and RSA – saying that, despite a smaller number of high profile security breaches in Ireland last year, “this should not put organisations off their guard”.
The security specialist says mobile malware, securing the big data mountain, increasingly sophisticated social engineering and social networking attacks, and issues surrounding security and compliance in the cloud will all become more prevalent this year.
“We are beginning to see more of a ‘prevention is better than cure’ attitude in Irish organisations at present. While this is a positive step, we cannot stress strongly enough that much more will have to be done to ensure adequate security precautions are in place,” said Sean Rooney, technical director of Integrity Solutions.
“This means that businesses need to take a holistic view of their security posture. They must understand, not only what their ‘crown jewels’ are, but also where they are located, and then do everything in their power to protect them. With an increasingly mobile workforce this isn’t necessarily an easy task.”
Top 5 predictions from Integrity Solutions’ security review in Ireland:
1. Mobile malware will grow exponentially this year
ESET, the global protection provider, reported an increase of 1,700 per cent in unique detections of malware for the Android platform in 2012. This is just one platform in a marketplace that is becoming increasingly aturated with mobile devices and applications. With the growth of ‘BYOD’ giving employees remote access to business data via personal smartphones and tablets, and the increasing amount of confidential information being held on these devices, they are becoming the path of least resistance for cyber criminals, granting easy access to corporate networks. Irish organisations need to put technologies and policies in place, to gain greater control of all devices accessing their network.
2. Big Data Mountain
With 2.5 quintillion bytes of data created every day it is becoming more difficult for organisations to manage data and extract value from it. As a result, big data technologies are emerging that can analyse and manage this data quickly. In terms of IT security, organisations need to be aware of where all of its data is residing and find ways of categorising it correctly to ensure the appropriate levels of security are applied. A data breach, whether accidental or malicious can have serious consequences for the reputation of a business.
3. Social Engineering
Educating all employees on IT security threats will be essential in 2013 as social engineering will continue to rise. The human element can often be seen by the hacker as the weakest link and they will try to deceive unknowing employees into allowing access to an organisations network. Encouraging employees to be more cautious and aware when it comes to IT security will go a long way to complement the technology solutions in place.
4. Social Networking
As Irish organisations increasingly use social media such as Facebook, LinkedIn, Twitter and YouTube to engage with their customers, the IT security threats from these platforms will increase. In addition, the monetisation of social networks will present opportunities for cyber criminals and lead to greater vulnerabilities for organisations.
5. Cloud Computing
The continued march to the cloud will see an increased need to understand the individual security, compliance and regulatory requirements of large and small businesses. Cloud providers will need to offer assurances that they can manage a customer’s data security and Irish businesses will also need to be fully aware of their own obligations in this area.
Other security threats highlighted by the group include continued increase in ‘hacktivism’ and distributed denial of service (DDoS) attacks, including potential attacks on national infrastructure.
“Regardless of how many security devices are protecting a network, if traffic isn’t being actively monitored companies have no insights into what’s going on. With all the potential threats to organisations, a risk based approach is needed where monitoring, detection and response are central,” Rooney said.