PREDICTING THE INFORMATION SECURITY LANDSCAPE

We are heading towards an always-on, always-connected world with greater connectivity between people, increasingly seamless connections between devices and, as a direct result, an explosion in the amount of internet data. This is according to research prepared by PwC and the UK Technology Strategy Board, which was undertaken to forecast the information security environment over the next decade.

NEW MODELS OF IDENTITY AND TRUST

Identity and trust will be key drivers of change and, while current thinking primarily looks at human-to-human trust, by 2020 the report predicts there will be even greater connectivity between people and devices. This will create new requirements for humans to trust technology, technology to trust technology, and even technology to trust humans as devices increasingly act on behalf of people. It is forecast that ubiquitous devices will seamlessly and automatically interact with other devices around them, adapting functionality to their local environment and other objects in their proximity, meaning that devices could effectively talk to one another without human interaction.

An interrelated concept to trust is identity. As people spend a larger proportion of their time online, establishing identity will become even more of a challenge as fewer interactions will be face-to-face, a greater volume of private information will be available online and new technologies will make it easier to impersonate individuals. Larger volumes of online purchases and transactions mean that cyber criminals will be willing to invest additional resources in developing more sophisticated and dangerous attacks.

The traditional banking system has been shaped by the underlying need for trust, and for third parties to evaluate and price risk. While not new, the trend towards a cashless society and the emergence of contactless payment systems will likely accelerate, particularly given the phasing out of cheques by 2018.
Yet the advantages associated with the non-traceability of digital cash will also create new threats as this will provide online criminals with another powerful weapon in their arsenal.

OVERCOMING THE LANGUAGE BARRIER

Additional PwC research which looked at why business leaders tend to underestimate information security risk suggests that historically, business leaders and boards have tended to regard it as a technology issue, which is reflected by the traditional reporting channels. But this is a complete misconception. Given the rising complexity and volume of threats there will be more need for a proactive approach to information security.

Tackling the risk of security breaches in companies is being undermined by a potentially damaging breakdown in communication between the information security function, IT and the rest of the business. Instead of working together toward common goals, different parts of the business often fail to understand – or even respect – each other’s roles. Miscommunication lies in the different languages understood by the three departments, and the research concludes that there are parallel steps that business and information security leaders need to take to close the gap.

EMBEDDING INFORMATION SECURITY INTO BUSINESS-AS-USUAL

Increasing focus on information security could ultimately provide competitive advantage. Organisations that take a more proactive approach to investing in solutions could increasingly gain trust from customers and therefore make gains in market share, attract consumers to use their products and services and interact with customers in new ways. On the other hand, those that do not have a comprehensive approach to information security are exposed to the risks of losing intellectual property, losing market share and income, and incurring damage to brand.
WHAT SHOULD BUSINESS LEADERS BE THINKING ABOUT?

• Implementing an up-to-date information security strategy that is aligned and mapped to the specific needs of the business;
• Clearly defining the roles and responsibilities of information security managers, with the appropriate reporting lines within the business;
• Measuring performance and ensuring it is in line with the business needs;
• Forming a cross-organisational team to coordinate and communicate information security issues on a regular basis, including senior management from finance, legal, risk, human resources, as well as security, technology and even public relations;
• Auditing the effectiveness of information security on an annual basis;
• Putting top-level policies in place for creating a culture of security; and
• Embedding corporate responsibility for protecting the business.

There are many uncertainties with respect to how the industry will evolve over the next decade, but it is certain that businesses will need to be innovative in developing new products and services. The security of corporate information will stand or fall by the ability of the organisation’s various functions to communicate clearly and effectively with one another. This requires investment to sustain a meaningful dialogue, and a change in mindset is needed from all sides.

William Beer
Director OneSecurity, PwC

CHARTECH ISSUE 170 | DEC 2010 / JAN 2011