Security firm identifies top 7 trends for 2014

Several IT security firms have released predictions for 2014 in the past couple of weeks, and Kroll, a leading company in the risk mitigation and response space, has released its Cyber Security Forecast as well.

The Kroll report identifies seven trends that the company says represent a changing tide in cyber standards, both social and legal, which "will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks."

According to Kroll, IT security trends that CIOs can expect in the New Year include:

NIST and similar security frameworks will become the de facto standards

"This trend will move the U.S. in the direction of the EU," noted Alan Brill, senior managing director at Kroll. "As new laws evolve that reflect the NIST guidelines and look more like the EU privacy directive, some U.S. companies will find themselves ill-prepared to effectively respond to the regulations. To minimize their risk, organizations will have to get smart on these standards and make strategic business decisions that give clients and customers confidence that their information is protected."

The data supply chain will pose continuing challenges

"Companies should know who they are giving their data to and how it is being protected," noted Tim Ryan, managing director and cyber investigations practice leader at Kroll. "This requires technical, procedural and legal reviews."

The malicious insider remains a serious threat

"There's a tremendous amount of data compromised today where the act is never discovered or disclosed," says Ryan. "People discount the insider threat because it doesn't make the news. The insider threat is insidious and complex. Thwarting it requires collaboration by general counsel, information security, and human resources."

Audit committees will want greater accountability

"As corporate boards carry out their fiduciary responsibilities, they must also protect the company from possible shareholder lawsuits that allege the company's cyber security wasn't at a level that could have reasonably been viewed to be 'commercially reasonable' and that incident response plans weren't in place to mitigate the risk," Brill says.

Sophisticated tools will enable faster security response and recovery

"We've seen a dramatic improvement in response technology over the last year," says Ryan. "Companies have never had a better opportunity to enhance their existing protocols with a methodology that can mean an informed and timely response."

New standards will have a greater impact on data breach response

"Companies will gain a better understanding of their actual breach risks, how the breach could actually affect their customers, and the best way to remedy those specific risks and provide better protection to affected customers," explains Brill.

Greater accountability will be expected with security policies and implementation

"While it's implausible to anticipate every possible risk presented by the use of the cloud and BYOD, companies that have integrated these technologies into their corporate policies, IT security, and risk management plans will be much better prepared to fulfill their legal obligations," Brill concluded.
