Headlines are splashed across front pages and business journals on a regular basis where banks, media companies and government web sites have been attacked. The pace, scale and intensity of attacks have dramatically increased over the past year and are likely to continue to accelerate. Cloud, mobile and social media continue to gain attention and rightly so because of the disruptive changes they bring about on both the supply and buy sides of the market. One of the many consequences of these trends is the pull through effect on security software and services.
The world’s largest Technology, Media and Telecommunications (TMT) companies are shifting their focus on cyber security from one of compliance to one where cyber resilience is becoming a top business priority, according to the recent Deloitte, TMT Security Study. The survey found the top security focus for 2013 will be to develop a robust information security strategy to manage their increasingly complex and hyper-connected environments. Tommy Viljoen, National Security and Resilience Lead at Deloitte Australia said “The proliferation of third party networks has weakened defence systems and more than half (59%) of the organisations surveyed acknowledged a security breach in the last year. In addition less than half of the respondents reported having a plan in place to address a security breach.
SafeNet Inc. a global vendor in data protection recently announced results from a survey conducted in the United States revealing that, despite continuing investments in network perimeter technologies, respondents were not confident that they are employing the right technologies to secure their high-value data. As budgets remain tight, security officials are confronted with how best to allocate their resources to ensure security of their high-value data in an increasingly perimeter-free world.
With the increase in data, devices and connections security challenges are increasing in number and scope. They fall into three major categories: external threats, internal threats and compliance requirements. In the past threats mainly came from individuals working independently. However these attacks are becoming increasingly more coordinated and launched by groups ranging from criminal enterprises to organised collections of hackers and hacktivists. Motivations are no longer limited to seeking profit, but sometimes can include prestige or even espionage.
Enterprises are also being asked to address a steadily increasing number of national, industry and local mandates related to security that typically each have their own standards and reporting requirements. These often take a significant amount of time and effort to prioritise, develop appropriate policies and controls and then to monitor.
The Deloitte Survey also found that businesses are underestimating how well prepared they are to prevent cyber-attaches with 88% of participants not seeing their company as vulnerable. With more than 60% of the participants in this sixth annual worldwide study rating their ability to mitigate developed threats as ‘average’ or ‘high’. “Given the knowledge that most passwords can be cracked in five hours, we are seeing a shift towards multi-factor authentication such as a logon and a text code – this supports one of Deloitte’s predictions for TMT companies globally in 2013”, Dean Kingsley Deloitte Technology Risk Lead said.
In what is predicted to be a boom year for security services many will also realise that they don’t have the skills or staff for present day security requirements – let alone future strategy and deployment. Despite the organisational headwinds in 2013 with tight budgets and serious skills gaps that most organisations will confront on a daily basis, we can count on change, the attacks will change and also the attackers. Most are predicting the obvious attacks will increase in both numbers and complexity. The security vendors all went through deep transformations during 2012 reflecting the changing trends in the market and this will not abate in 2013.
—Len Rust, firstname.lastname@example.org