In its annual survey, BCS (the Chartered Institute for IT) interviews senior IT professionals to provide a snapshot of what the next 12 months is likely to hold. It will come as no surprise to anyone that security, in all its guises, comes top of the list. The question is, how ready are you to face the increasing threat level?
The survey is conducted online and features responses from over 340 senior IT professionals. This time last year mobility topped the priority list, with information security and cloud computing coming in second and third respectively.
In a rare demonstration of prescience, the respondents tipped information security to become the number one priority over the coming 3-5 years. They couldn’t have predicted quite how dominant information security, and particularly data loss, would become in 2014 as the business world was rocked by one revelation after another.
2014 started in the shadow of the Target Corp data breach, where an estimated 110 million customers’ credit card details were compromised. There wasn’t a month went by without another breach affecting millions of customers Snapchat, Orange, eBay, Paddy Power, Google, Home Depot, JP Morgan Chase and Sony were amongst the highest profile breaches.
The public sector didn’t escape unscathed. In the US the University of Maryland, the County of Los Angeles and the Montana Department of Public Health and Human Services saw a range of information compromised, from social security numbers and billing details to medical diagnoses.
Data security has become increasingly politicised in early 2015 as President Obama included a call for a mandatory breach notification law and a Consumer Privacy Bill of Rights in his State of the Union speech. Government is beginning to play a more active role in data security but its messaging is sometimes conflicting.
In New Jersey, a law has been passed that, when in come into effect later this year, requires health insurance companies to encrypt any personal information they store. Meanwhile, in the UK, Prime Minister David Cameron is calling for a ban on end-to-end encryption for certain applications.
As 2015 gets underway we see a number of organisations being hit with financial penalties. However, research shows that CIOs are more motivated by the loss of reputation associated with a mandatory breach notification than they are a hefty fine.
The likelihood of a data breach seems to be on the increase; whether as a result of organised criminal activity, ethical hacking or simply because you aren’t a fan of the latest Hollywood offering. We’ve been telling people for years that the high speed data networks we’ve come to rely upon are not inherently secure.
IF 2014 TAUGHT US ANYTHING IT’S THAT INFORMATION NEEDS TO BE SECURE BOTH AT REST AND AS IT MOVES ACROSS YOUR NETWORK. BECAUSE BREACHES ARE INEVITABLE, MAKE SURE YOU PROTECT THE BREACH BY ENCRYPTING ALL OF YOUR SENSITIVE INFORMATION.
Information security has emerged as a front-line business issue rather than simply something for the IT crowd to look after. The BCS survey saw 60% of respondents place security and potential data loss at the top of the list of things most likely to cause concern in the coming year.
Sceptics will, quite reasonably, ask whether senior executives truly grasp the critical nature of information security. More important than recognition is the provision of budget to address the increasing range and level of threats to information security.
Cloud computing and mobility (including BYOD) are also priorities and are two areas of IT where security concerns have been a major barrier to adoption. When asked to peer into their crystal balls and predict what will be keeping IT managers awake in 3-5 years’ time, the BCS respondents see information security staying top of the list, followed by big data and cloud computing.
It sounds like a safe bet to us. We’d probably go one step further and say that encryption will feature heavily in information security discussions over the coming year. Encryption that is decoupled from your specific network architecture and accredited to the world’s leading independent security standards. But then we would, wouldn’t we?