Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The top infosec issues of 2014

Taylor Armerding | Nov. 18, 2014
Security experts spot the trends of the year almost past.

Internet of Everything (IoE) -- a hacker frontier
The Internet of Things (IoT) is so last year. It is now the IoE. Smart, embedded devices in homes, cars, electronics, machines, and worn by individuals are now mainstream. They already number in the billions, and estimates of their growth range from 50 billion by 2020 to more than a trillion within the next decade.

And that means a growing tsunami of data flowing to the Internet, where it can be sold for marketing purposes or stolen for more malicious means.

Isaacs, who says she is among those who uses an exercise wearable, said she used "dummy data" to register it. "So nobody knows it's my data," she said. "It can't be mapped directly to me."

In general, however, she said, "everyone is oversharing everything. The threats are broad and potentially catastrophic. I'm very nervous about the smart cars I see.

There does seem to be an increasing awareness of the privacy implications of smart cars. The AP reported this week that 19 automakers that make most of the cars and trucks sold in the U.S. signed on to a set of principles, delivered to the Federal Trade Commission (FTC), that seek to reassure vehicle owners that the information gathered by those vehicles, "won't be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads ... without their permission."

The vulnerabilities of "smart" devices to hacking have been demonstrated numerous times, prompting Phil Montgomery, senior vice president of Identiv to call for, "a more regimented standards-based security approach that relies less on outdates processes around username/password technology and more on stronger forms of authentication."

No parties for third parties
This was the year that the risks of breaches through third-party contractors made it into mainstream consciousness. The Target breach, which exposed 70 million records, was just one of many that came through outside vendors.

Regulatory agencies are trying to maintain that awareness. Stephen Orfei, the new general manager of the Payment Card Industry Security Standards Council (PCI SSC) noted in a recent interview that, "security is only as good as your weakest link -- which means the security practices of your business partners should be as high a priority as the integrity of your own systems."

Christine Marciano, president of Cyber Data-Risk Managers, said that in addition to vetting vendors for rigorous security standards, companies should, "require their vendors to carry and purchase cyber/data breach insurance, to indemnify them for any costs associated with a data breach caused by the vendor's negligence."

The porous, sometimes malicious, human OS
While third parties may be a weak link in the security chain, that is less likely due to technology and more due to the human factor.

 

Previous Page  1  2  3  4  5  Next Page 

Sign up for Computerworld eNewsletters.