|[January 03, 2013]
Coalfire's Top Five IT Security Predictions for 2013
LOUISVILLE, Colo. --(Business Wire)--
As the new year kicks off, Coalfire,
an independent IT GRC auditor, compiled their predictions for
cybersecurity in 2013.
"Last year was a very active year in the cybersecurity world," said Rick
Dakin, CEO and co-founder of Coalfire. "The Secretary of Defense
announced that the threat level has escalated to the point where
protection of cyber assets used for critical infrastructure is vital.
Banks and payment processors came under direct and targeted attack for
both denial of service as well as next-generation worms."
What might 2013 have in store Dakin predicts the following:
1. The migration to mobile computing will accelerate and the
features of mobile operating systems will become known as
vulnerabilities by the IT security industry.
Look out for Windows 95 level security on iOS, Android (News - Alert) 4 and even
Windows 8 as we continue to connect to our bank and investment accounts
- as well as other important personal and professional data - on smartphones
As of today, there is no way to secure an unsecured mobile operating
system (OS). Some risks can be mitigated, but many vulnerabilities
remain. This lack of mobile device and mobile network security will
drive protection to the data level. Expect to see a wide range of data
and communication encryption solutions before you see a secure mobile OS.
The lack of security, combined with the ever-growing adoption of
smartphones and tablets for increasingly sensitive data access, will
result is a systemic loss for some unlucky merchant, bank or service
provider in 2013. Coalfire predicts more than 1 million users will be
impacted and the loss will be more than $10 million.
2. Government will lead the way in the enterprise migration to
"secure" cloud computing.
No entity has more to gain by migrating to the inherent efficiencies of
cloud cmputing than our federal government. Since many agencies are
still operating in 1990s-era infrastructure, the payback for adopting
shared applications in shared hosting facilities with shared services
will be too compelling to delay any longer, especially with
ever-increasing pressure to reduce spending.
As a result, Coalfire believes the fledgling FedRAMP
program will continue to gain momentum and we will see more than 50
enterprise applications hosted in secure federal clouds by the end of
2013. Additionally, commercial cloud adoption will have to play catch-up
to the new benchmark that the government is setting for cloud security
and compliance. It is expected that more cloud consumers will want
increased visibility into the security and compliance posture of
commercially available clouds.
3. Lawyers have found a new revenue source - suing negligent
companies over data breaches.
Plaintiff attorneys will drive companies to separate the cozy compliance
and security connection. It will no longer be acceptable to obtain an IT
audit or assessment from the same company that is managing an
organization's security programs. The risk of being found negligent or
legally liable in any area of digital security will drive the need for
The expansion of the definition of cyber negligence and the range of
monetary damages will become more clear as class action lawsuits are
filed against organizations that experience data breaches.
4. Critical Infrastructure Protection (CIP) will replace the Payment
Card Industry (PCI (News - Alert)) standard as the white-hot tip of the compliance
Banks, payment processors and other financial institutions are becoming
much more mature in their ability to protect critical systems and
sensitive data. However, critical infrastructure organizations like electric
utilities, water distribution and transportation remain softer
targets for international terrorists.
As the front lines of terrorist activities shift to the virtual world,
national security analysts are already seeing a dramatic uptick in
surveillance on those systems. Expect a serious cyber attack on critical
infrastructure in 2013 that will dramatically change the national debate
from one of avoidance of cyber controls to one of significantly
increased regulatory oversight.
5. Security technology will start to streamline compliance management.
Finally, the cost of IT compliance will start to drop for the more
mature industries such as healthcare, banking, payment processing and
government. Continuous monitoring and reporting systems will be deployed
to more efficiently collect compliance evidence and auditors will be
able to more thoroughly and effectively complete an assessment with
reduced time on site and less time organizing evidence to validate
Since the cost of noncompliance will increase, organizations will demand
and get more routine methods to validate compliance between annual
Coalfire is a leading, independent information technology Governance,
Risk and Compliance (IT GRC) firm that provides IT audit, risk
assessment and compliance management solutions. Founded in 2001,
Coalfire has offices in Dallas, Denver, Los Angeles, New York, San
Francisco, Seattle and Washington D.C. and completes thousands of
projects annually in retail, financial services, healthcare, government
and utilities. Coalfire's solutions are adapted to requirements under
emerging data privacy legislation, the PCI DSS, GLBA, FFIEC,
HIPAA/HITECH, HITRUST, NERC (News - Alert) CIP, Sarbanes-Oxley, FISMA and FedRAMP. For
more information, visit www.coalfire.com.
[ Back To TMCnet.com's Homepage ]