The Global nonprofit IT association ISACA recently issued guidance on managing three top tech trends for CIOs and their organizations in 2013. These trends are expected to pose major challenges to businesses in 2013: cybersecurity threats, private vs. public clouds and data privacy.
ISACA is a provider of best practices and expertise as it strives to help its 100,000 members worldwide navigate the changing IT landscape. Many IT professionals globally will follow ISACA recommendations in order to build trust in and value from enterprise information including Big Data initiatives.
We now know the numbers. The war on cybercrime continues for most organizations and especially their IT departments and CISOs. The total number of Computer viruses, trojans and web attacks is growing at their fastest pace in four years.
In its recent quarterly "Threats Report", McAfee said that it had found more than 8 million new kinds of malware in the second quarter. This represents an increase of 23% from the first quarterly report. There are now more than 90 million unique strands of malware in the wild according to McAfee.
Viruses that send unsolicited emails and attack websites, as well as search engine poisoning — where unwitting users are misdirected toward questionable or fraudulent sites — are among the increasingly sophisticated tactics used to capture and exploit consumer data and pose threats to international supply chains.
“As more devices utilize IP addresses, the attack surface will become larger and threats to cybersecurity will increase. Cyber criminals will dedicate themselves to finding increasingly complex methods for attacks in 2013,” said Jeff Spivey, CRISC, CPP, international vice president of ISACA and director of Security Risk Management Inc.
Privacy Concerns Continue to Grow
CISOs and IT professionals have to manage not just threats of data leakage and identity theft, but also growing consumer and employee concerns about data privacy.
According to Robert Stroud, member of ISACA’s Strategic Advisory Council, "Nearly 90 percent of US consumers who use a computer, tablet PC or smartphone for work activities feel their online privacy is threatened, but many persist with actions and attitudes that put that privacy and security at risk."
“The protection of personally identifiable information (PII) is the responsibility of both organizations and individuals,” said Greg Grocholski, CISA, international president of ISACA. “Organizations need to have a governance structure in place to ensure that PII is managed and protected throughout its life cycle. Individuals must be aware of what PII they are providing and to whom. To be successful, data protection must be a joint effort.”
He continued, “Privacy by design, confidentiality of location-based information, the consumerization of IT, and an increase in legislative and regulatory mandates that will drive more privacy audits are among the top 2013 trends in data privacy that ISACA anticipates will need to be addressed.”
Private Vs. Public Clouds
Over the next 12 months, information security concerns will prompt a growing interest in private or hybrid (public/private) cloud solutions. The expected rise of “personal clouds” will add to the challenge of protecting data for a mobile work force that embraces BYOD (“bring your own device”). Cost, speed, manageability and security are the factors most debated in cloud computing.
ISACA’s 2012 IT Risk/Reward Barometer shows that IT professionals remain wary of public clouds; 69 percent believe that the risk of using public clouds outweighs the benefit. Opinions of private clouds are the opposite — the majority (57 percent) believes the benefit outweighs the risk. Other findings include:
Among people using cloud for mission-critical services, there is a 25-point difference between those who use private (34 percent) versus public (nine percent).
One of the high-risk actions employees take online is using an online file-sharing service, such as Dropbox or Google Docs, for work documents (67 percent).
The most effective way to reduce IT risk is to educate employees (36 percent). Despite these concerns, CFOs (to whom over half of CIOs report) still look to cloud for return on investment.
In the end it really does come down to effective planning and communications. The relationship between the CIO, CISO and other C-level executives really matters. Companies with strong, collaborative relationships between the CIO and other C-suite executives are four times more likely to be top-performing companies than those with fragmented relationships, according to PricewaterhouseCoopers LLP’s fifth annual Digital IQ survey, recently released.
Digital IQ is a measure of how well companies understand the value of technology and how successfully they link information technology investments to their business strategy.