In information security circles, 2014 has been a year of what seems like a never-ending stream of cyberthreats and data breaches, affecting retailers, banks, gaming networks, governments and more.
The calendar year may be drawing to a close, but we can expect the size, severity and complexity of cyberthreats to continue increasing, says Steve Durbin, managing director of the Information Security Forum (ISF), a nonprofit association that assesses security and risk management issues on behalf of its members.
Looking ahead to 2015, Durbin says the ISF sees five security trends that will dominate the year.
"For me, there's not a huge amount that's spectacularly new," Durbin says. "What is new is the increase in complexity and sophistication."
The Internet is an increasingly attractive hunting ground for criminals, activists and terrorists motivated to make money, get noticed, cause disruption or even bring down corporations and governments through online attacks, Durbin says.
Today's cybercriminals primarily operate out of the former Soviet states. They are highly skilled and equipped with very modern tools -- as Durbin notes, they often use 21st century tools to take on 20th century systems.
"In 2014 we saw cybercriminals demonstrating a higher degree of collaboration amongst themselves and a degree of technical competency that caught many large organizations unawares," Durbin says.
"In 2015, organizations must be prepared for the unpredictable so they have the resilience to withstand unforeseen, high impact events," he adds. "Cybercrime, along with the increase in online causes (hacktivism), the increase in cost of compliance to deal with the uptick in regulatory requirements coupled with the relentless advances in technology against a backdrop of under investment in security departments, can all combine to cause the perfect threat storm. Organizations that identify what the business relies on most will be well placed to quantify the business case to invest in resilience, therefore minimizing the impact of the unforeseen."
2. Privacy and Regulation
Most governments have already created, or are in the process of creating, regulations that impose conditions on the safeguarding and use of Personally Identifiable Information (PII), with penalties for organizations that fail to sufficiently protect it. As a result, Durbin notes, organizations need to treat privacy as both a compliance and business risk issue, in order to reduce regulatory sanctions and business costs such as reputational damage and loss of customers due to privacy breaches.
The patchwork nature of regulation around the world is likely to become an increasing burden on organizations in 2015.
"We are seeing increasing plans for regulation around the collection, storage and use of information along with severe penalties for loss of data and breach notification particularly across the European Union," Durbin says. "Expect this to continue and develop further imposing an overhead in regulatory management above and beyond the security function and necessarily including legal, HR and Board level input."