He adds that organizations should look upon the EU's struggles with data breach regulation and privacy regulation as a temperature gauge and plan accordingly.
"Regulators and governments are trying to get involved," he says. "That's placing a bigger burden on organizations. They need to have resources in place to respond and they need to be aware of what's going on. If you've got in-house counsel, you're going to start making more use of them. If you don't, there's a cost."
3. Threats From Third-Party Providers
Supply chains are a vital component of every organization's global business operations and the backbone of today's global economy. However, Durbin says, security chiefs everywhere are growing more concerned about how exposed those chains leave them to numerous risk factors. A range of valuable and sensitive information is often shared with suppliers, and once it is shared, direct control over it is lost. This increases the risk that its confidentiality, integrity or availability will be compromised.
Even seemingly innocuous connections can be vectors for attack. The attackers who cracked Target exploited a web services application that the company's HVAC vendor used to submit invoices.
"Over the next year, third-party providers will continue to come under pressure from targeted attacks and are unlikely to be able to provide assurance of data confidentiality, integrity and/or availability," Durbin says. "Organizations of all sizes need to think about the consequences of a supplier providing accidental, but harmful, access to their intellectual property, customer or employee information, commercial plans or negotiations. And this thinking should not be confined to manufacturing or distribution partners. It should also embrace your professional services suppliers, your lawyers and accountants, all of whom share access oftentimes to your most valuable data assets."
Durbin adds that infosec specialists should work closely with those in charge of contracting for services to conduct thorough due diligence on potential arrangements.
"It is imperative that organizations have robust business continuity plans in place to boost both resilience and senior management's confidence in the functions' abilities," he says. "A well-structured supply chain information risk assessment approach can provide a detailed, step-by-step approach to portion an otherwise daunting project into manageable components. This method should be information-driven, and not supplier-centric, so it is scalable and repeatable across the enterprise."
4. BYOx Trends in the Workplace
The bring-your-own (BYO) trend is here to stay whether organizations like it or not, Durbin says, and few organizations have developed good policy guidelines to cope.
"As the trend of employees bringing mobile devices, applications and cloud-based storage and access in the workplace continues to grow, businesses of all sizes are seeing information security risks being exploited at a greater rate than ever before," he says. "These risks stem from both internal and external threats including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications."