Cyberspace is an increasingly attractive hunting ground for criminals, activists and terrorists motivated to make money, get noticed, cause disruption or even bring down corporations and governments through online attacks. Organizations must be prepared for the unpredictable so they have the resilience to withstand unforeseen, high impact events. Cybercrime, along with the increase in online causes (hacktivism), the increase in cost of compliance to deal with the uptick in regulatory requirements coupled with the relentless advances in technology against a backdrop of under investment in security departments, can all combine to cause the perfect threat storm. Organizations that identify what the business relies on most will be well placed to quantify the business case to invest in resilience, therefore minimizing the impact of the unforeseen.
The Internet of Things
Organizations’ dependence on the Internet and technology has continued to grow over the years. The rise of objects that connect themselves to the Internet is releasing a surge of new opportunities for data gathering, predictive analytics and IT automation. As increased interest in setting security standards for the Internet of Things (IoT) escalates, it should be up to the companies themselves to continue to build security through communication and interoperability. The security threats of the IoT are broad and potentially devastating and organizations must ensure that technology for both consumers and companies adhere to high standards of safety and security.
“You can’t avoid every serious incident, and while many businesses are good at incident management, few have a mature, structured approach for analyzing what went wrong. As a result, they are incurring unnecessary costs and accepting inappropriate risks,” continued Durbin. “By adopting a realistic, broad-based, collaborative approach to cyber security and resilience, government departments, regulators, senior business managers and information security professionals will be better able to understand the true nature of cyber threats and respond quickly, and appropriately.”
The ISF Threat Horizon series of reports, aimed at both senior business audiences and information security professionals, provide more information on these and other threats. These annual reports are designed to help organizations take a proactive stance to security risks by highlighting challenges in the threat landscape and identifying how the confidentiality, integrity and availability of information may be compromised in the future. For more information, please visit the ISF website or contact Steve Durbin at firstname.lastname@example.org.
About the Information Security Forum
Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.
ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.
Further information about ISF research and membership is available from www.securityforum.org