IT leaders prepare for their top IT security threats of 2013

IT Best Practices Alert By Linda Musthaler, Network World
December 21, 2012 11:00 AM ET

Network World - U.S. Secretary of Defense Leon Panetta may be lying awake at night worrying about the threat of cyber warfare, but the typical CIO or CISO is thinking about much more mundane security threats. Wisegate, the online professional networking organization for IT and information security (infosec) professionals, has just released its report, Preparing for the Top IT Security Threats of 2013. The report reveals the typical infosec concerns that lead many CIOs' agendas for the year ahead, as well as the strategies that these leaders are using to reduce risk for their organizations.

The CIOs and CISOs who contributed their perspectives represent a wide range of businesses and agencies. Despite their diverse business interests, the executives agreed on one major threat area that concerns them all: BYOD. Most likely BYOD is on your list as well. Among their other major threat concerns are:

  • Social media and the blurring of personal and work identities
  • The use of consumer-grade applications for work purposes
  • A general lack of IT security awareness among workers
  • The tendency for departments to engage in cloud computing without IT's knowledge or approval
  • Protecting corporate data in the face of the other factors listed above

The No. 1 concern is BYOD

It's no surprise that BYOD leads the list of concerns. This practice opens up new areas that are unfamiliar to many IT departments. Everyone is struggling with the same issues and trying to answer the same questions. How can we prevent data theft, loss or leakage when employees are using their own consumer-oriented smartphones, tablets and applications? What rights do we have to lock down or wipe a device that is owned by a worker and not by the company? How can we ensure that workers keep malware off the devices they want to connect to the corporate network? How can we possibly support employees' devices that sport such a large variety of operating systems, applications, firmware and mobile carriers?

Wisegate members offer some of the strategies they are using to reduce the risk of BYOD. One way these infosec professionals are leading the way is through employee awareness of security issues and good practices. According to the report, workers understand why a company-owned laptop might need to be encrypted, but they don't understand why they can't have Angry Birds and a PCI-compliant application on the same iPad. It's incumbent on the IT department to create awareness, especially of "safe use" policies and procedures.

Another strategy to mitigate the risks introduced by BYOD is for the IT department and infosec professionals to be the "first adopters" of the technologies. The report offers this advice: By trying things before end users bring them into the work environment, IT can better understand the potential security threats as well as the support needs. More important, with a first adopter approach, the IT group becomes the real enabler of business units and their staff rather than the gatekeeper -- or worse, the preventer.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
