By John Fitzgerald, Worldwide ISM Services Manager
As the volume of information we process in our daily work lives increases, CISOs need to stay on top of information security management. Here are 3 of the latest ISM trends to watch for:
1) The increasing use of mobile and consumer devices in the corporate environment
2) The accelerating rate of evolution of the threat landscape
3) The effect of economic instability on the ability of organisations to adequately protect themselves
The security challenge of mobile devices is a consequence of their benefit: small and portable is also easy to lose. Typically, though there are exceptions, mobile devices:
- Offer less resistance to attack than traditional office or data-centre-based solutions
- Have inordinately large and relatively unprotected data storage capacities
- Will become the attack vector of preference for many attackers
Any bystander looking at the progress of technical threats to Information Communications Technology (ICT) will have seen the alarming rate of increase in the complexity and persistence of exploits being brought to bear against corporate and nation-state systems.
This rate of increase is unlikely to be slowed because information itself is a form of wealth, as well as being the means to unlock direct financial assets. It will, therefore, require ever more complex automated detection and prevention capabilities.
It will also drive the development of more offensive capabilities, firstly to enable the recovery of assets and secondly to deter all but the professional or state-sponsored threat actors.
In any time of financial austerity, commercial organisations and governments seek to minimise spending. History shows that one of the ways they do this is to cut back on what they consider to be non-essential new investment first, then seek to do basic existing functions at a lower cost.
Given the two challenges expressed above, this means that information security will be required to do more for less and, therefore, will have to be smarter.
Expect to see evidence-based decision-making become more prevalent than simple security-by-rote activities. Do we really need to patch everything every week, or should we focus our effort on defence in depth across the entire infrastructure? Discuss.
Download this HP white paper, Rethinking your Enterprise Security: Critical Priorities to Consider, and learn how to start the journey to end-to-end security.
If you’d like to find out more information on how HP can help you better manage security policies and governance to provide comprehensive risk mitigation, download our Information Security Management Outsourcing Services fact sheet.