Last year, some large organizations fell victim to some of the biggest security breaches to date as hacker groups such as Anonymous and LulzSec made their presence known. We can be sure that cybercriminals will continue to look to profit from their illicit activities with ever-evolving tactics. But rather than wait for them to strike, a little foresight in four key areas can help prepare you to fight back.
1. Mobile Security
The explosion of tablet computing shows no sign of slowing down. For too long, however, the security of these devices has lagged behind that of desktop and laptop computers. Many enterprises have struggled to balance the pressure from workers to allow these technological marvels with IT security.
While many argue that Microsoft has fallen behind in the tablet market, 2012 could see Microsoft gaining ground with Windows 8, which is expected to go into beta this year. Windows 8 is widely anticipated to provide superior integrated security features and will be more appealing to the corporate world. Microsoft is also following Apple's lead of having a dedicated app store, but is expected to include corporate controls, which will give companies a more "corporate friendly" tablet. The ability to connect Windows 8 tablets to a domain will ensure that these devices can be secured just like any other Windows endpoint.
2. Bring Your Own Device to Work
It is not only tablets-smartphones also pose a serious security concern to the enterprise, especially with the growing trend of people using their personal devices to improve their work/life balance. Lured by aesthetics and functionality, little regard is given to corporate security. Personal laptops are of even greater concern as the specification could present the organization with a rather large liability headache.
One of the major concerns of this BYOD phenomenon is that the apps users download to their personal devices could introduce vulnerabilities. Additionally, users will be more likely to transfer corporate data onto their devices in order to take advantage of the flexibility and freedom that they offer. Tech-savvy users will use external cloud storage accounts, such as Dropbox, or even email it out of the network and access it externally. The biggest risk here is data loss, so naturally this is where we will see the largest investment, as companies battle to control corporate data.
A fairly new advancement that could gain traction is the adoption of a "hypervisor" for smartphones, which allows multiple operating systems to share a single hardware host. This means that a phone could effectively be split into two distinct profiles, that are securely isolated from one another. The corporate side could be managed by the enterprise, complete with enhanced security solutions and controls, while the personal side can be set up for uses including apps, music and contacts.
3. Endpoint Security
With the explosion of mobile devices, we have also seen an increased focus on endpoint security. Solutions that are able to detect the criminals' increasingly diverse arsenal of threats will become crucial in the battle against stealthy and persistent malware. As a result, the adoption of application control and privilege management solutions within the operating system will increase in order to provide a more proactive approach to endpoint security.
Many malware attacks can be mitigated-even eliminated-with better control over application execution and user privileges. Both solutions will become more relevant on the server side, too, as organizations look to adhere with compliance initiatives and show their servers are secured.
4. Cloud Security
No prediction would be complete without a look to the sky, and for this, compliance could be the key differentiator. While smaller organizations will continue to adopt cloud-based services more readily, larger organizations, especially those governed by regulatory compliance, will continue to tread carefully and stick to more mature cloud offerings.
That said, the security of servers in the data centers of cloud providers will drive more innovative security at the hypervisor level. This in turn will allow the security software to have a complete view of the hosted servers, especially when dealing with stealthy attacks. If cloud providers are to appeal to customers in highly regulated industries, administrator access, and their actions on servers within the data centers, needs to be better controlled and monitored.
Paul Kenyon is CEO of Avecto, a Manchester, UK-based technology firm.Risk Management Magazine and Risk Management Monitor. Copyright 2013 Risk and Insurance Management Society, Inc. All rights reserved.