Monday, 7 January 2013

Irish businesses are facing increased security threats in 2013





Integrity Solutions, Ireland's largest IT
security specialist, today warned that many Irish businesses are facing
increased security threats in 2013. Mobile malware, securing the big
data mountain, increasingly sophisticated social engineering and social
networking attacks and issues surrounding security and compliance in the
cloud, will all become more prevalent this year.

Following major security breaches in recent times at large international
businesses such as Sony, LinkedIn, Global Payments and RSA, even the
most successful organisations are finding it difficult to protect all of
their data, all of the time.  In Ireland, there were a smaller number of
high profile security breaches in 2012 but this should not put
organisations off their guard.

Sean Rooney, technical director of Integrity Solutions, comments, "We
are beginning to see more of a 'prevention is better than cure' attitude
in Irish organisations at present. While this is a positive step, we
cannot stress strongly enough that much more will have to be done to
ensure adequate security precautions are in place. This means that
businesses need to take a holistic view of their security posture. They
must understand, not only what their "crown jewels" are, but also where
they are located, and then do everything in their power to protect them.
With an increasingly mobile workforce this isn't necessarily an easy
task."

Top 5 predictions from Integrity Solutions' security review in Ireland:

1. Mobile malware will grow exponentially this year - ESET, the global
protection provider, reported an increase of 1,700% in unique detections
of malware for the Android platform in 2012. This is just one platform
in a marketplace that is becoming increasingly saturated with mobile
devices and applications.  With the growth of 'BYOD' giving employees
remote access to business data via personal smartphones and tablets, and
the increasing amount of confidential information being held on these
devices, they are becoming the path of least resistance for cyber
criminals, granting easy access to corporate networks.  Irish
organisations need to put technologies and policies in place, to gain
greater control of all devices accessing their network.

2. Big Data Mountain - With 2.5 quintillion bytes of data created every
day it is becoming more difficult for organisations to manage data and
extract value from it. As a result, big data technologies are emerging
that can analyse and manage this data quickly. In terms of IT security,
organisations need to be aware of where all of its data is residing and
find ways of categorising it correctly to ensure the appropriate levels
of security are applied. A data breach, whether accidental or malicious
can have serious consequences for the reputation of a business.

3. Social Engineering - Educating all employees on IT security threats
will be essential in 2013 as social engineering will continue to rise.
The human element can often be seen by the hacker as the weakest link
and they will try to deceive unknowing employees into allowing access to
an organisations network. Encouraging employees to be more cautious and
aware when it comes to IT security will go a long way to complement the
technology solutions in place.

4. Social Networking - As Irish organisations increasingly use social
media such as Facebook, LinkedIn, Twitter and YouTube to engage with
their customers, the IT security threats from these platforms will
increase. In addition, the monetisation of social networks will present
opportunities for cyber criminals and lead to greater vulnerabilities
for organisations.

5. Cloud Computing - The continued march to the cloud will see an
increased need to understand the individual security, compliance and
regulatory requirements of large and small businesses. Cloud providers
will need to offer assurances that they can manage a customer's data
security and Irish businesses will also need to be fully aware of their
own obligations in this area.

Other security threats highlighted by Integrity Solutions include
continued increase in hacktivism and distributed denial of service
(DDoS) attacks, including potential attacks on national infrastructure.

Sean Rooney continued, "IT security monitoring can no longer be seen as
an add-on, it must be seen as a critical business function. Regardless
of how many security devices are protecting a network, if traffic isn't
being actively monitored companies have no insights into what's going
on. With all the potential threats to organisations, a risk based
approach is needed where monitoring, detection and response are central.
IT security attacks will happen but the important thing is to be aware
of any attack and contain it as quickly as possible to minimise any loss
or damage.  A risk based security strategy will allow organisations to
have the adequate controls in place to protect their most important data
assets and to be aware of any incident as it is happening and not days
or months afterwards when it is too late to remedy."