PREDICTING THE INFORMATION SECURITY LANDSCAPE
We are heading towards an always-on, always-connected world with
greater connectivity between people,
increasingly seamless connections
between devices and as a direct
result, an explosion of the amount of internet data. This
is according to research prepared by PwC and the UK
Technology Strategy Board, which was undertaken to
forecast the information security environment over the
next decade.
NEW MODELS OF IDENTITY AND TRUST
Identity and trust will be key drivers of change, and
while current thinking primarily looks at human-to-human
trust, by 2020 the report predicts there will be
even greater connectivity between people and devices.
This will create new requirements for humans to trust
technology, technology to trust technology, and even
technology to trust humans as devices increasingly act
on behalf of people.
It is forecast that ubiquitous devices will seamlessly
and automatically interact with other devices around
them, adapting functionality to their local environment
and other objects in their proximity, meaning that
devices could effectively talk to one another without
human interaction.
An interrelated concept to trust is identity. As
people spend a larger proportion of their time online,
establishing identity will become even more of a
challenge as fewer interactions will be face-to-face, a
greater volume of private information will be available
online and new technologies will make it easier to
impersonate individuals. Larger volumes of online
purchases and transactions mean that cyber criminals
will be willing to invest additional resources in
developing more sophisticated and dangerous attacks.
The traditional banking system has been shaped
by the underlying need for trust, and for third parties
to evaluate and price risk. While not new, the trend
towards a cashless society and the emergence of
contactless payment systems will likely accelerate,
particularly given the phasing out of cheques by 2018.
Yet the advantages associated with the non-traceability
of digital cash will also create new threats as this will
provide online criminals with another powerful weapon
in their arsenal.
OVERCOMING THE LANGUAGE BARRIER
Additional PwC research which looked at why business
leaders tend to underestimate information security risk
suggests that historically, business leaders and boards
have tended to regard it as a technology issue, which
is reflected by the traditional reporting channels. But
this is a complete misconception. Given the rising
complexity and volume of threats there will be more
need for a proactive approach to information security.
Tackling the risk of security breaches in companies
is being undermined by a potentially damaging
breakdown in communication between the information
security function, IT and the rest of the business. Instead
of working together toward common goals, different
parts of the business often fail to understand – or
even respect – each other’s roles. Miscommunication
lies in the different languages understood by the three
departments, and the research concludes that there
are parallel steps that business and information security
leaders need to take to close the gap.
icaew.com/itfac
EMBEDDING INFORMATION SECURITY
INTO BUSINESS-AS-USUAL
Increasing focus on information security could
ultimately provide competitive advantage.
Organisations that take a more proactive approach to
investing in solutions could increasingly gain trust from
customers and therefore make gains in market share,
attract consumers to use their products and services
and interact with customers in new ways. On the
other hand, those that do not have a comprehensive
approach to information security are exposed to the
risks of losing intellectual property, losing market share
and income, and incurring damage to brand.
WHAT SHOULD BUSINESS LEADERS BE
THINKING ABOUT?
• Implementing an up-to-date information security
strategy that is aligned and mapped to the specific
needs of the business;
• Clearly defining the roles and responsibilities
of information security managers, with the
appropriate reporting lines within the business;
• Auditing the effectiveness of information security
on an annual basis;
• Putting top-level policies in place for creating a
culture of security; and
• Embedding corporate responsibility for protecting
the business.
There are many uncertainties with respect to how
the industry will evolve over the next decade, but it
is certain that businesses will need to be innovative in
developing new products and services. The security of
corporate information will stand or fall by the ability of
the organisation’s various functions to communicate
clearly and effectively with one another. This requires
investment to sustain a meaningful dialogue, and a
change in mindset is needed from all sides.
William Beer
Director
OneSecurity, PwC
• Measuring performance and ensuring it is in line
with the business needs;
• Forming a cross-organisational team to coordinate
and communicate information security issues on a
regular basis, including senior management from
finance, legal, risk, human resources, as well as
security, technology and even public relations.
CHARTECH ISSUE 170 | DEC 2010 / JAN 2011