
ESPION PREDICTS 2014 WILL BE A YEAR OF SOCIAL DISCOVERY, DATA PROTECTION SAVVY CONSUMERS, SHOCKING SEARCH ENGINES AND LARGE BOUNTIES FOR VULNERABLE INFORMATION

Published by Gbaf News

Posted on December 18, 2013

· Last updated: March 6, 2019

Espion, ICT “Company of the Year”, manages the complexities of securing corporate information and has an unrivalled depth and breadth of expertise traversing a broad range of products and services. With 2014 fast approaching, Espion predicts some key Information Governance and eDiscovery trends for the coming 12 months.

Stephen O’Boyle

Social Media as Legal Evidence Source

1.     Social Discovery – A New Frontier for the Legal Profession
The acceleration in the number of cases involving evidence from social media and the internet (such as Facebook, Twitter, webmail, website data and YouTube videos), will put greater emphasis on the importance of employing best practices to collect, preserve and produce such online datasets.

Internet investigations, and in particular social media, represent a new frontier for the legal fraternity. The scope for finding digital evidence such as photographs, status updates, a person’s location at a certain time, as well as content from social media accounts, will be an enormous burden on organisations.

Growing Consumer Attention to Data Breaches

2.     Data Breaches: Anger will turn to Action
High profile data breaches continued to make headlines throughout 2013.  With each breach came greater awareness and understanding of often complex issues with the management of data becoming not just an IT issue but a business one.

Espion predicts consumers will be increasingly savvy around personal data privacy issues and will lose patience with organisations that fail to act responsibly. 2014 will see those affected by breaches take even greater action – sharing their experience on social media and increasingly reporting to relevant bodies such as the Information Commissioner’s Office (UK) or the Data Commissioner (IRE).

Shodan and the Changing Security Landscape

3.     Shodan will Keep Network Guardians Awake at Night
If “Shodan Computer Search Engine” hasn’t yet reached your lexicon, by the end of 2014 you’ll be well versed in its capabilities to expose Industrial Control Systems.

Forbes described it as “The Terrifying Search Engine That Finds Internet-Connected Cameras, Traffic Lights, Medical Devices, Baby Monitors And Power Plants”. Espion believes there will be far greater attention given to the jaw-dropping capabilities of this powerful tool.

As a result, those charged with protecting organisations will see their own networks in a new light and (here’s hoping) use Shodan as an awareness and metrics tool in their own organisation.

Security Risks in Accelerated App Development

4.     The App Gold Rush will Spawn New Security Issues
Thanks to new tools as well as reduced barriers to entry, app development will continue to be faster and cheaper to execute.  As a result increasing numbers of organisations will look to apps to gain a competitive edge.

Those who fail to understand the potential downside of apps will risk application security failure (App Apocalypse): launching a product that is likely to be a vulnerable service, exposing risks such as data leakage, reputational damage and non-compliance with legal, regulatory or contractual obligations.

Increasing Value of Discovered Vulnerabilities

5.     The Price for Vulnerable Information will Skyrocket
The process of informing a software vendor of a vulnerability or bug that impacts upon data security will continue to attract “bug hunters”, who can make handsome rewards, so that organisations can address issues before they are exploited.

Last year Google increased its maximum reward, paid to security researchers who submit bugs and vulnerabilities, from $3,133.70 to a whopping $20,000 for a single vulnerability. Espion believes higher rewards will incentivise security researchers to report vulnerabilities rather than sell them to cybercriminals. Now there’s a case for building security into the Software Development Lifecycle (SDLC).

Third-Party and Supply Chain Security Risks

6.     Organisations will look at Weak Links in Third Parties
Organisations vulnerable to cyber-attacks will turn their attention to their suppliers and contractors – who are often used by cyber-criminals as routes to gain access to unleash havoc spanning theft, fiscal fraud, industrial espionage, extortion, customer data loss or even hacktivism.

8 April 2014, when Microsoft ends support for Windows XP (meaning newly discovered vulnerabilities will not be patched, leaving systems around the world vulnerable to attacks), will be a key date for ensuring that third parties who may still have Windows XP don’t threaten systems.

7.     Organisations will promote their Security Standards / Certification and Governance Achievements
Organisations that comply with industry-led standards and schemes to protect customers against cyber-attacks (such as: Payment Card Industry Data Security Standard (PCI-DSS); ISF (Information Security Forum) Standard for Good Practice for Cyber Security (SGP); IASME (Information Assurance for Small & Medium-sized Enterprises); ISO27001:2005 and ISO27002:2005) will increasingly market these standards to their end users as symbols of trust and assurance.

8.     Cloud Security
Barriers to cloud adoption relating to security and privacy concerns will begin to be addressed more explicitly by end-users in 2014. One aspect will be the greater uptake of cloud encryption gateway products emerging on the marketplace, acting as a means of encrypting and tokenising key personally identifiable information as it leaves the enterprise perimeter.

Security enhancements to emerging Cloud Management Platforms will also emerge – particularly in relation to enhancements to cloud infrastructure provisioning and orchestration tools that will enforce security and data privacy policies.

Key Takeaways

  • Social media and online platforms are emerging as critical sources of legal evidence.
  • Consumers are becoming more proactive in holding organizations accountable after data breaches.
  • Tools like Shodan highlight vulnerabilities by indexing Internet-connected systems.
  • Bug bounty programs are growing, incentivizing responsible vulnerability disclosure.
  • Organizations are focusing more on third-party risks to protect their data ecosystems.

Frequently Asked Questions

What is 'social discovery' and why does it matter?
It refers to using social media content as legal evidence, requiring careful collection and preservation as online posts, photos, or location data become relevant in investigations.
Why are consumers more data protection savvy in 2014?
High-profile breaches have raised awareness, prompting consumers to share experiences and report issues to authorities such as the ICO in the UK or the Data Commissioner in Ireland.
What is Shodan and why is it a concern?
Shodan is a search engine for Internet-connected devices including cameras and power systems, making it easy to discover vulnerable infrastructure with little protection, as highlighted by Forbes.
How are bug bounty rewards changing?
Companies like Google raised maximum rewards from around $3,100 to $20,000 for critical vulnerabilities, encouraging ethical disclosure and integration into the SDLC.
Why should organizations focus on third-party security?
Because attackers increasingly exploit supplier or contractor vulnerabilities as pathways into broader systems, risking data theft, fraud, or reputational harm.
