2012 has certainly been an interesting year in the world of security. We have seen many firms attempting to embrace the cultural shift in business practices as social media and cloud computing continue to develop. Yet, in many cases, these important communication and collaboration channels have been shut down due to fear of openness and the possibility of leaks.
With 2013 just around the corner, there is no doubt we will see new and advanced threats, further breaches and developing regulation. So, with this in mind, here are three areas which I believe we’ll be hearing a lot more about in the next 12 months and more.
Advanced Persistent Threats (APTs)
Truly a virus for the 21st century, the intent of APTs is less dramatic and more profitable. APTs target individuals and companies with the sole aim of stealing information for profit. They use phishing and spear-phishing to gain access to corporate data stores and then operate "below the radar", exfiltrating information over extended periods of time. We will see these attacks increase in occurrence, especially in mid-sized companies where security is less mature – it isn’t just large companies that possess valuable intellectual property that cyber-criminals can steal and sell on.
Many employees and companies want to collaborate in the cloud, but are hindered by the security implications. Information security is currently determined at the file or document level. One breach of policy and the file is blocked from sharing. However, if you removed the specific pieces of information which were sensitive, the rest of the file would be okay to share and collaboration would continue. This mechanism would open up a lot more documents to being shared for collaboration purposes, ultimately making working practices more efficient. It is no longer a black and white situation of information being safe within the organisation and unsafe outside. Automatic adaptive redaction of information will be seen as a useful grey area or middle ground, which allows collaboration on documents with the assurance that no sensitive information has left the organisation.