A recently published report from the ISF, now available to members on its website, looks into the future of information security and provides predictions on the 10 most likely threats organizations will face.
Examination of the report reveals three drivers the ISF believes will affect security risks in the future: infrastructural weaknesses, a changing culture emerging among those who grew up entirely in the internet age, and increasing globalization.
The report breaks down each likely scenario into its social, political, economic, cultural, and technical components, so organizations of all stripes can determine how a particular threat might impact their business.
Also provided is a list of action points for each security threat, and additional commentary that delves just a bit deeper into the topic.
Infrastructural weakness, namely contingency failure, is discussed in the first likely scenario ISF puts forth in its Threat Horizon 2012 report. This includes physical infrastructure deficiencies of the internet, where most – if not all – transactions occur.
Andy Jones, CISSP, principal research consultant for ISF, and author of the report, said there is not much standing between us and an internet outage, adding that a breach of a “single internet main pipe can result in serious impact”. He acknowledged that people tend to be resilient in the face of such obstacles, but without a contingency plan in place, organizations will find themselves without a way to continue executing day-to-day transactions.
Jones was also bold enough to say that, of the 10 threat predictions made in the report, contingency failure was perhaps the most likely in the future. “I believe that a fundamental infrastructure failure – maybe IT related, maybe not – will cause some significant business impact and that there will be serious questions asked as to how robust infrastructure is in the Internet world”, he commented.
The Threat Horizon report also identifies two topics that largely go hand-in-hand: the ‘deperimeterization’ of security and the threats posed by mobile devices. Jones called it the “disappearance of the network boundary”, adding that boundaries will need to shift from physical locations to the information itself.
“In practice this means that solutions such as digital rights management, or even data loss prevention, have more of a role to play”, he continued. He said this type of strategy is not for all organizations, but that “the trick is to understand where it is cost effective to deploy this type of solution”. That, Jones believes, is namely the case for organizations that maintain highly regulated or high-value information.
The author went on to tell Infosecurity that although the report is forward-looking, and not indicative of any immediate threats, it can be highly useful for security personnel looking for guidance on future investment.
The ISF has put out the report since 2006, and he hopes it will help security practitioners fuel debate with their management on the applicability of a certain scenario to their business. For Jones, the report’s simplicity is its greatest asset: “the biggest success of the report is that it puts information security into a language that helps them to engage with the senior levels of business”.