IT security predictions for 2014

2013 was the year of Edward Snowden and the NSA spying revelations. We also faced a deluge of data breaches with an increasingly large amount of information compromised. The emerging trends that appeared on the radar in 2012 such as Cloud, Mobility, Social and Big Data became key challenges for organisations in 2013. These will continue to be important in 2014, but what will they evolve into? What other things do we need to consider?

Here are 10 trends to watch:

1. The Internet of Things (IoT) will be 2014’s big data

The best quote I came across in 2013 about big data was: “Big data is like teenage sex; everyone talks about it, nobody really knows how to do it, everyone thinks everyone else is doing it, so everyone claims they are doing it.” 2014 will be the year of IoT hot air and I don’t mean that as a reference to the Nest thermostat. There will be an increased number of potential security threat vectors as a result of more things being plugged in, but until this becomes the norm, we’re neglecting the more plausible ways organisational security can be breached. But because articles with “IoT” in the headline will attract more eyeballs, we will not be able to escape the term.

2. Privacy will become a major concern in the mainstream

The data monitored by the US government includes our personal information, a vast majority of which is sensitive. We already knew one could be placed on the US Department of Homeland Security’s watch list if deemed to be making public statements “not in the best interests of national security”. But we now know we can commit “thought crime” (another reference to Orwell’s 1984) on supposedly private channels.

Also, due to the number of data breaches in 2013, we are more susceptible to identity fraud. Factor in the inability to control how our information flows after we disclose it to an initial party and we have quite a number of privacy issues to deal with. New or amended privacy legislation comes into effect in some countries in 2014 (e.g. Australia) and this will raise the profile of privacy further.

3. Security departments will shift their focus from incident identification to incident reaction and management

Up to this point, the focus when dealing with threats has been on identifying them. Vendors spend large sums of money expounding the wonders of their tools’ collection and analytical abilities. It has become a game of “my feature is better than your feature” and “my analytics are better than your analytics”. Ultimately, it is pointless identifying a threat when there is no path forward to manage the incident, deploy the appropriate responses and counter the threat through remediation.

4. There will be an increased focus on privileged users

Edward Snowden gained access to the infamous NSA documents through his administrative rights to systems in addition to accounts he possibly garnered through social engineering of colleagues. Those with privileged access can potentially do a lot of damage. This is not a new concept nor concern, but the Snowden incident puts privileged users back in the spotlight in 2014.

5. The number of authentication alternatives to passwords will increase noticeably and be driven by the consumer market

Although we have come to accept passwords as a necessary evil, they are inherently insecure. Consumers want to be identified using more secure, usable means and consumer-focused companies are taking note. Apple’s release of the Touch ID sensor on the iPhone 5S was the highest profile example of this in 2013. There are variants from other consumer technology companies relying on everything from our heartbeats to facial recognition scheduled for release in 2014.

6. We are at the dawn of an encryption renaissance

Snowden’s NSA documents and the realisation that data residing in the cloud is readily accessible by the US government will force organisations to re-examine where their critical data resides and encrypt as much of it as they can. Even this is not a complete solution, as one of Snowden’s leaked documents showed that many of the weaker encryption methods are easily bypassed by the US government. Organisations must use stronger forms of encryption to reduce the chances of their data being decrypted.

7. Data security, resilience, availability and recovery: the next step in the consumerisation of IT

As consumers, we know to back up critical data. But we do not ensure we have multiple backup sources and can recover from failure or loss of data. We are also notoriously bad at ensuring data is secure and cannot be stolen. This will change for one reason: digital currency, more specifically, Bitcoin. With its price, popularity and profile at an all-time high, consumers will begin to take more care of personal data. The Bitcoins that one possesses reside within a digital wallet on disk. If you lose that data, you lose your Bitcoins forever.

8. The deluge and size of data breaches in 2013 will tip the scales in favour of spear phishing

Due to the large number of data breaches, criminals now know more about us than they ever have. The best phishing emails are the ones that contain personal information and are targeted at the recipient, commonly referred to as spear phishing. These emails are difficult to identify at the best of times as they use real information and thus have a higher rate of success. The more secrets a phishing email documents about us, the more likely it is to succeed. The only way around this is to assume a default state of distrust when dealing with emails.

9. There will be a noticeable increase in the number of Managed Service Providers (MSP) expanding into the Identity-as-a-Service (IDaaS) market

Identity became a core part of IT and business in 2013. MSPs that previously would not have entertained the thought of bringing an IDaaS offering to market are now seeing the demand and scrambling to meet it.

10. Organisations will get serious about their own on-premises private cloud

Trust in public cloud providers has decreased significantly, largely due to the impact of the NSA spying revelations. For organisations to enjoy the cost and productivity benefits a cloud infrastructure brings while maintaining full control over critical and sensitive data, they must deploy a private cloud. While many were merely exploring private cloud in 2013, the Snowden incident has become the compelling reason to act.

Ian Yip is the product and business manager for Identity and Security Management across the Asia Pacific region at NetIQ Australia. NetIQ, a business unit of the Attachmate Group, provides identity, access, security and compliance management solutions.
