Threat Horizon 2013: Evaluating the future trends and impact on your organization from ISF

ISF’s “Threat Horizon” report used a PLEST (Political, Legal and Regulatory, Economic, Socio-Cultural and Technology) framework to consider the world of the future and how this may give rise to information security threats. (See picture 1)

The ISF’s five key trends it identifies along with the challenges for organisations are:
1. Cyber (in-)security – governments will soon take a more proactive role in cyberspace. While many of the initiatives will be beneficial, organisations need to take account of legislation and regulation that mandates procedures and behaviours in cyberspace, much of which may be disjointed along with an increase in cyber-defence activities. Organisations should plan ahead and prepare for the upcoming this kind of threat.

2. An open knowledge society – now, participation and innovation thrive, but organisations are left struggling to strike a balance between “transparency” and “confidentiality”. Organisations should be careful when promoting transparency without losing valuable information to the public domain.

3. The Internet: a flat Earth? – a host of new entrants, many from the developing world, will potentially increase instability. The business models adapt to new mass markets. Organisations should prepare to deal with those who exploit this as a cybercrime opportunity.

4. The smart enterprise – the need to boost efficiency and optimise the use of assets will continue driving organisations to greater use of cloud computing including both “public cloud”, “private cloud” and “hybrid cloud”. Organisations should make best use of these without increasing complexity and costs.

5. Consumerisation – the rise of very capable consumer devices, such as smartphones and tablets, has added further momentum to the need to manage the use of such a “consumer technology” at work, we can call this issue “The iPad Effect”. Adopting a stance that completely prohibits such an approach is unlikely to be successful. Organisations should manage the risks and still lock in the benefits.

From ISF report, the example of upcoming threats are …
– Increasing attacks on RFID, NFC, sensors and control systems (SCADA attack)
– Loss of trust / inability to prove identity and authenticate
– Co-ordinated attacks for extortion, blackmail, bribery or stock manipulation
– New attack vector from using the new technology
– Governmental interception of all traffic (Lawful Interception/State sponsored attack)

– Hardware back doors (low-level attacks / vulnerabilities) in chips.
– Loss of workforce loyalty, loss of organisational culture and knowledge.
– Solar flare disrupts communications globally
How organisation prepare for the upcoming threats? (Recommendations from ISF)
– Re-assess the risks to our organisation and its information
– Change your thinking about threats
– Don’t rely on trends or historical data, revise our information security arrangements
– Question ‘Security as usual’, focus on the basics (back to the basic) that includes people, not just technology!
– Prepare for the future, be ready to support initiatives such as cloud computing, social networking and mobile computing.
However, increasingly information technology and security plays a pivotal role in our organisation’s success and is also now key at home. Organisations should plan ahead and manage emerging information security risks effectively. The five trends from ISF will have an impact on the nature and severity of threats to our organisation’s information and, consequently, the way we do business. That’s why we need to get serious about them.
For more information about the ISF and its reports please visit https://www.securityforum.org