IT security trends 2015
The IT security landscape is complicated – we saw it evolve dramatically over the past 12 months and it is set to do so again over the coming 12 months. Here are five IT security trends and threats Instant On IT expect to increase in 2015:
1. ‘Insider’ breaches
The human factor remains a prominent threat in terms of IT security. According to PwC data issued in 2014, approximately 1/3 of the most serious data breaches in the UK occur as a result of inadvertent human error. The introduction of new technologies, new working practices and increasingly targeted approaches to encourage employees to hand over their credentials amplify the propensity to make mistakes. No size or sector is below the threat radar but many organisations continue to assume that their people understand the latest IT security risks and will adopt best practice as a matter of course. “When organisations overlook the threats residing inside their ecosystems, the effects can be devastating. Yet many companies do not have an insider-threat program in place, and are therefore not prepared to prevent, detect, and respond to internal threats.” – PwC
Suggestion: plan employee training
2. Cloud security risks
Cloud will continue to gain momentum in the SME marketplace, offering benefits of flexibility, pay-for-use and reduced hardware investment. As cloud matures, the service delivery options available give businesses viable options. David Lacey, director of research at the Information Systems Security Association (ISSA-UK) agrees that cloud is a good solution for SMEs if they choose professional, reliable service providers. However, not all cloud providers or options are the same and we expect cloud security to pose a risk for those that make ill-informed decisions in their move to the cloud.
Suggestion: vet your cloud supplier
3. Mobile vulnerabilities
The very recent Moonpig flaw which gave relatively easy access to customers’ names, birth dates, and email and street addresses, and enabled orders to be placed under any account, is just one example of how online security assurance levels can vary significantly. Attackers will look to exploit such vulnerabilities, especially on mobile where there is even more scope for flaws. There’s no getting away from the fact that we store and access a growing amount of data on our phones. Availability and adoption of mobile apps that contain sensitive banking, financial and personal health information will grow over coming months, as will mobile payment systems. Along with our urge to be constantly connected, there will also be an increase in attempts to exploit wi-fi and gain access to our personal information, passwords, business and personal email, corporate documents, corporate networks or applications.
Suggestion: protect your mobile data
4. Open doors in open source
We only need to look at Heartbleed and Shellshock in 2014 to remind us of the ramifications of vulnerabilities in open source protocols. We expect hackers will continue to search for open doors in open source code in their quest to get hold of confidential information.
Suggestion: ensure regular patching of systems and software
5. Adoption of password technologies
Stolen passwords were at the heart of many of the most high profile security attacks over the past year: hackers stealing passwords to break into private iCloud accounts belonging to celebrities, or abuse of passwords to gain access to JPMorgan Chase’s network, exposing the data of 76 million consumers.Technology such as Single Sign-on (SSO) and multifactor authentication are already available and are changing the way passwords are handled in organisations of all sizes. We expect to see usage trends increase and technologies in this space evolve.
Suggestion: review your password technologies
Our list of IT security threats and trends for 2015 might make for a gloomy read but the good news is that, from our experience, an increasing number of businesses are adopting a positive stance when it comes to IT security and best practice is therefore becoming more widespread. This is reassuring as, in 2015, it will be all the more important to align the organisation’s technology, processes and people, if security risks (and the financial and reputational risks that go hand in hand with these) are to be minimised.