ISF announces 10 future threat scenarios in Threat Horizon 2012 report
The Information Security Forum (ISF) has announced its predictions for the 10 most likely threat scenarios that organisations face in the future. According to its new Threat Horizon 2012 report, the rapid adoption of cloud computing, increasing use of mobile devices, growth of cybercrime and online espionage, and the merging of home and work life, all have a role to play in future risk management and contingency planning.
Based on research among ISF Members, 300 of the world’s leading companies and public sector organisations, Threat Horizon 2012 builds on core themes that form the underlying drivers of the new threat landscape, including globalisation, cultural change and weaknesses in organisational infrastructure. According to Adrian Davis, Principal Research Analyst at ISF, organisations of all shapes and sizes need to take a much broader view of security threats and evolve their thinking beyond just technology.
“Organisations right now need to be thinking people, processes and technology, not just technology, which is the mistake that many security and risk professionals take. The report provides both Members and non-members with a snapshot of the issues they face, but in a wider socio-economic and political context, and enables them to plan accordingly.”
In the first scenario, ‘Contingency fails’, the report highlights that there is not enough investment in critical infrastructure at a national and organisational level. It warns that our over-reliance on Internet-only channels and the advent of cloud computing and mobile working, combined with poor Internet resilience at pinch points on the network, means businesses will need contingency plans to continue operating when the Internet fails.
The rise of the ‘Internet generation’ and what ISF calls the ‘avatar effect’ in scenario 5 – the merging of work and home life – have caused step changes in attitudes to protecting information. Personally owned mobile devices are routinely used for business and connect to the network, while business is now regularly conducted via social networking sites.
According to Davis, smartphones in particular have become the device of choice and many organisations have developed bespoke applications and rolled them out to mobile workers, further blurring the line between personal and business use. He says: “This raises a number of added security implications as devices now share many characteristics of the mainframe, like middleware, but the security model is simply not adapting to these new demands. With mobile payment facilities becoming more viable, these devices will become even more lucrative to cybercriminals.”
Threat Horizon 2012 report – additional highlights:
· Integrity is king (scenario 9) – this is a serious challenge for organisations, which have growing amounts of digital information, with access to it available in various different locations. This has led to a ‘toxic information wasteland’.
· Greening of the business (scenario 8) – efforts to reduce carbon footprint have led to more home working, but security solutions have been unable to scale accordingly, resulting in accidental disclosure of data and non-compliance with regulations.
· Cloud becomes a fog (scenario 2) – the cloud has started to attract the attention of hackers, who see it as an opportunity to hide and cloak access into organisations.
The aim of the ISF Threat Horizon 2012 report is to provide Members and non-members with a clear view of the current and future security landscape and provide guidance. Davis adds: “Security issues apply to everyone, regardless of industry, size and structure – everyone needs to apply best practice and processes when it comes to securing their vital assets. Predicting the future is never an exact science, but it does allow organisations to take an informed approach to risk and security planning and build in necessary precautions.”
About the Report
‘Threat Horizon 2012 – Information security-related threats of the future’ pulls together research from ISF Members, 300 of the world’s leading companies and public sector organisations. At a series of global workshops, Members were asked to consider how the world might look in 2012 using a standard business framework that considers macro-environmental factors, known as the PLEST framework (Political, Legal, Economic, Socio-cultural and Technical), and to use this as a reference point to determine the information security threats that are likely to exist. These views were combined with research, futurologist insight and input from government, risk and economic reports.