Wisegate, the professional networking organization for IT and information security professionals, recently convened its members to discuss their top IT security threats for the coming year. Read what's on their minds, and how they plan to address the threats.
U.S. Secretary of Defense Leon Panetta may be lying awake at night worrying about the threat of cyber warfare, but the typical CIO or CISO is thinking about much more mundane security threats. Wisegate, the online professional networking organization for IT and information security (infosec) professionals, has just released its report, Preparing for the Top IT Security Threats of 2013. The report reveals the typical infosec concerns that lead many CIOs' agendas for the year ahead, as well as the strategies that these leaders are using to reduce risk for their organizations.
The CIOs and CISOs who contributed their perspectives represent a wide range of businesses and agencies. Despite their diverse business interests, the executives agreed on one major threat area that concerns them all: BYOD. Most likely BYOD is on your list as well. Among their other major threat concerns are:
- Social media and the blurring of personal and work identities
- The use of consumer-grade applications for work purposes
- A general lack of IT security awareness among workers
- The tendency for departments to engage in cloud computing without IT's knowledge or approval
- Protecting corporate data in the face of the other factors listed above
The No. 1 concern is BYOD
It's no surprise that BYOD leads the list of concerns. This practice opens up new areas that are unfamiliar to many IT departments. Everyone is struggling with the same issues and trying to answer the same questions. How can we prevent data theft, loss or leakage when employees are using their own consumer-oriented smartphones, tablets and applications? What rights do we have to lock down or wipe a device that is owned by a worker and not by the company? How can we ensure that workers keep malware off the devices they want to connect to the corporate network? How can we possibly support employees' devices that sport such a large variety of operating systems, applications, firmware and mobile carriers?
Wisegate members offer some of the strategies they are using to reduce the risk of BYOD. One way these infosec professionals are leading the way is through employee awareness of security issues and good practices. According to the report, workers understand why a company-owned laptop might need to be encrypted, but they don't understand why they can't have Angry Birds and a PCI-compliant application on the same iPad. It's incumbent on the IT department to create awareness, especially of "safe use" policies and procedures.
Another strategy to mitigate the risks introduced by BYOD is for the IT department and infosec professionals to be the "first adopters" of the technologies. The report offers this advice: By trying things before end users bring them into the work environment, IT can better understand the potential security threats as well as the support needs. More important, with a first adopter approach, the IT group becomes the real enabler of business units and their staff rather than being the gatekeeper -- or worse, the preventer.
The consumerization of IT brings risk to organizations
The consumerization of IT is taking its toll in other areas. For example, Wisegate members say they are concerned about employees using social media applications like Twitter, LinkedIn and Facebook to unofficially communicate with customers, partners and friends. According to the Wisegate report, members say there is a need for enforceable policies and procedures as well as awareness training to help control the type of information that workers share on a personal level that might be connected with work assets. Companies are concerned that details revealed via social media may be used for spear phishing attacks or may potentially reveal confidential company information.
Not only are employees bringing their own devices to work, but they also want to use consumer applications for work purposes. Members cite workers' use of iCloud, Dropbox and other tools as a big threat to data security. To combat such threats, one Wisegate member says he meets with business unit leaders to understand their IT needs better. Together they try to find ways to accomplish what they need without using risky practices like putting corporate data in the cloud without IT's knowledge or support.
To learn more about the Wisegate members' top security threats of 2013 and their strategies for protecting their companies, read Preparing for the Top IT Security Threats of 2013.
Linda Musthaler is a principal analyst with Essential Solutions Corporation. You can write to her at LMusthaler@essential-iws.com.
About Essential Solutions Corp:
Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.