As Internet connectivity begins to embrace the Internet of Things, security is shifting to becoming the Security of Everything: but are organisations and security professionals changing with the times? In a sister publication, CSO, Jeff Bardin started 2015 with a list of 12 problems that seem to have persisted in the last few years. The bottom line for many of these concerns point to what appears to be complacency or inability of organisations to give info security officers better access to corporate leadership: rather than being part of the corporate brain trust, they continue to be seen as messengers of bad news in an era of heavy duty cyber attacks.
Reports of such breaches in 2014, which included Target, Home Depot, Sony, have become mainstream news: many more people outside the industry are becoming acutely aware that the online world is as fraught with risk as the physical world. During Chinese New Year meetings in Malaysia, security service companies pointed out to media that Malaysia's security profile will need to include preparation in 2015 for an increase of financial-related attacks. CyberSecurity Malaysia kicked off the year with news that Ransomware was expected to be a serious threat in the coming months.
According to one Silicon Valley mobile security company Soonr, 52 percent of IT pros are concerned about the security and privacy of their own files, never mind trying to ensure their colleagues, partners and clients have up-to-date security. Interestingly, a US health insurance company Anthem said it suffered a "massive breach of its database containing nearly 80 million records," while last year a hospital operator Community Health Systems compromised 4.5 million records. Some experts are pointing to 2015 as the "year of the Healthcare hack" as apparently the personal information draws high prices in the dark community, or dark economy.
On the horizon, we have things like 'bio-hacking' - Kaspersky Lab said that implants with NFC or RFID chips under their skin may pose a significant risk. We could go on listing all the potential vulnerabilities that either stoke up confusion or fatigue. However, a common pattern under the many data breaches is that hackers used simple vulnerabilities in traditional systems that the companies did not take steps to address. As well as reviewing the basics, we can help to drive the message home at top management level with short, medium and long term plans to heighten good practice throughout all business units.
The spectre of security is coming home to haunt everyone, whether at work or in the home, so the responsibility should be shared by everyone. However, as observed during this year's Computerworld Malaysia Security Summit, those charged with information security are more often being asked to fall on their sword. Interesting times ahead for the security arena.
- AvantiKumar, Editor, Computerworld Malaysia & Malaysia Country Correspondent for Executive Networks Media channels
Sign up for CIO Asia eNewsletters.