Get Your Breach Defense On in 2015: Top 5 Security Trends in 2015

It seems like 2014 might be known as the year of the “breach.”  The constant stream of breaking news of data breaches affecting retailers, banks, governments and more kept us wondering, “who’s next?”  As criminals evolve and their targets widen, it begs the question, “what’s next for 2015?  More of the same”?

According to Thor Olavsrud, senior writer at CIO magazine, we can expect the “size, severity and complexity of cyber threats to continue increasing.”  Olavsrud cites the nonprofit association the Information Security Forum (ISF) to explain the top five security trends that will dominate 2015.

Summarized below are the key action items Olavsrud uncovers about each trend, as well as some questions relevant for your organization:

Trend 1: Cybercrime

Because cybercriminals use 21st century tools on 20th century systems organizations must be prepared for the unpredictable, which means:

  1. Know the cost of compliance and a potential breach
  2. Know what your business relies on the most to make a business case for protection

Question to consider:

–      How are you protecting your point-of-sale, networks, and in-store computers?

Trend 2: Privacy & Regulation

Treat privacy as both a compliance and a business risk issue to reduce regulatory sanctions and business costs such as reputational damage and loss of customers due to breaches.

Questions to consider:

–      How are we safeguarding personally identifiable information?

–      As more government regulations are imposed, do we have in-house counsel to help make sense of them?

Trend 3: Threats from Third-Party Providers

Are you remembering your supply chain?  Even the most innocent connections can be at risk. The Target attackers exploited a web services application that a company’s HVAC vendor used to submit invoices.  “Organizations should have business continuity plans in place to boost both resilience and senior management’s confidence,” quoted Olavsrud.

Questions to consider:

–      Do we have a risk assessment for our supply chain?

–      Is it scalable and repeatable for even our smallest vendor/supplier?

Trend 4: BYOx Trends in the Workplace

Remember BYOB?  This is less fun with the acronym “Bring your own box” – meaning employees brining their mobile devices to work.  And it’s a trend that is here to stay.

Olavsrud says that few organizations have comprehensive policies that help manage these devices at work.  Organizations should consider that employees often blur the boundary between work and personal information if they bring their mobile devices to work.  Expect your users to find a way to use their own devices for work even if you have a policy against it.  Instead of trying to fight the inevitable, construct a policy to ensure your organization has some recourse.

Questions to consider:

–      Do we have a comprehensive mobile device policy?

–      Is it followed?  Do we have consequences spelled out in the policy if it is not followed?

Trend 5: Engagement with your people

Everyone’s greatest asset and their most vulnerable target is its people.

Organizations should consider making sure its people are vastly aware of security protocol and the consequences of when it is broken.  Employees should also understand the data security protocol is each of his or her individual responsibilities, not just management. 

But organizations should also be proactive by making security behaviors part of the business process, “transforming employees from risks into the first line of defense in the organization’s security posture.”  Remember, people are the strongest part of control they have.

Questions to consider:

–      Are we addressing the human element of information security?

–      Do we have a comprehensive information plan that inspires people to protect our information?

–      What new behavior can we implement to reduce our risk?

To read Olavsrud’s original article published on CIO.com, click here.

This article was originally published in the Restaurant Loss Prevention & Security Association’s (RLPSA) newsletter, January 2015.

Leave a Reply

Your email address will not be published. Required fields are marked *