Independent IT GRC Auditor Compiles List of Trends for the New Year
Coalfire, an independent information technology governance, risk and compliance (IT GRC) services firm, recently released its top five cybersecurity predictions for 2014. Rick Dakin, the company’s chief security strategist, consolidated an analysis from more than 1,000 audits and forensics investigations in 2013 to develop the 2014 predictions.
“In 2013, there were several high-profile cybersecurity cases – Edward Snowden and the issues with the federal health care website, to name a few,” said Dakin. “We are certainly going to have more cybersecurity challenges ahead, but many enterprises are not yet prepared to either identify or respond to the emerging risks.”
For 2014 Dakin predicts the following:
1. There will be a significant security breach at a cloud service provider that causes a major outage.
A single cloud provider may house sensitive information on tens if not hundreds of thousands of individuals. Business owners and executives should recognize the increased necessity of evaluating risk within their third-party cloud service provider (CSP) systems and in provider/vendor relationships to protect trade secrets and prevent intellectual property leaks.
2. The migration from compliance to IT risk management will accelerate.
While the supply chain will incorporate innovative solutions that will introduce significant new risks, the maturity of cybersecurity within most large enterprises continues to accelerate. Risk and compliance management firms must better align practices to the business needs of their clients, instead of providing spot reports for a single purpose.
3. Emerging threats will shift security programs from static boundary protection to more proactive monitoring and response programs.
Security programs from just three years ago are no longer adequate. In 2014, there will be many more virulent types of attacks. The damage generated by those targeted attacks will be significant enough to drive further migration from static border protection and access control-based security programs to dynamic programs that analyze new threats and risks on a daily basis and drive upgrades, updates and system changes.
4. There will be a significant increase in malware for Android phones, and malware will begin to affect iPhones, too.
Tablets and smartphones were developed with the same level of concern about security that was applied to Windows 95 platforms during the early days of the Internet. Today, there simply is not adequate security to protect users from the serious threats that are known. Additionally, there is a severe lack of awareness among consumers about the potential for malware to attack their devices, and a recent study found that 80 percent of smartphones are unprotected from malware.
5. The number of data breaches in health care caused by Business Associates (BAs) will increase dramatically because of the final Omnibus Rule.
The Omnibus Rule required that all BAs be HIPAA compliant by September 23, 2013, yet many BAs don’t even know they are a BA, or that they are now liable for data breaches caused by the mishandling of electronic protected health information (ePHI). In addition, the process for Covered Entities (CEs) to manage HIPAA compliance for potentially thousands of BAs can be cumbersome and inaccurate. Many BAs are simply ignoring the requirements, which will lead to numerous data breaches in 2014.
More detail about these predictions, including recommendations to address them, is provided in the full whitepaper available at http://www.coalfire.com/Resources/Perspectives/Top5-IT-Security-Predictions-for-2014.
Coalfire is a leading independent information technology Governance, Risk and Compliance (IT GRC) firm that provides IT audit, risk assessment and compliance management solutions. Founded in 2001, Coalfire has offices in Dallas, Denver, Los Angeles, New York, San Francisco, Seattle, Washington D.C. and England and completes thousands of projects annually in retail, financial services, health care, government and utilities. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, HITRUST, NERC CIP, Sarbanes-Oxley, FISMA and FedRAMP. For more information, visit www.coalfire.com.