Earlier this month, international research firm Gartner released its IT predictions for 2012. Its 11 predictions make for compelling reading. Gartner sees 2012 and beyond as moving towards a loss of centralised IT control and an upward trend towards consumerisation of the cloud.
However, a few predictions stood out to me (perhaps my mind looks for these things given what we do), because I see the potential ramifications they could have on Australian businesses that don’t take the right precautions. If you don’t have a subscription to Gartner, you can read a summary here (or via the Gartner site).
Essentially, three of the predictions will have an impact on, or are centred on, data security, and therefore have a potential impact on the operations and profitability of businesses. To help you prepare, I have summarised the three predictions that we believe raise a business security issue, and have included some recommendations or thoughts on what you can do to minimise your risk.
From desktop to mobile email clients
According to Gartner, by 2016 at least 50 percent of business email users will rely primarily on a browser, tablet or mobile email interface, as opposed to a desktop interface. The implications of this change in usage are far-reaching, from having a more mobile and interconnected workforce through to the ability to respond in real time.
However, there are downsides too. One of the more publicised ones of late is the inability of people to leave their work in the office; it travels with them wherever they have access to a smartphone or a laptop. Another con is that most mobile or tablet interfaces do not have adequate spam or malware controls. There are also security concerns on these platforms.
If spam and/or malware are not eliminated before you interact with them on your mobile email client, there is an increased chance that they will infect your device, and the infection could in turn spread throughout the network. In fact, in a previous blog I discussed the increased prevalence of smartphone malware. Malware such as the SpyEye app is but one example of the way in which cyber criminals are evolving to take advantage of the uptake in mobile device usage.
It is worth noting that, while malware on mobile platforms is a reality, both the Android and iStore marketplaces are pretty good at removing any apps which are found to be of a dubious nature. However, it is worthwhile staying vigilant.
Increased development for smartphone and tablet
According to Gartner analysts, by 2015, program development projects engineered specifically for smartphones and/or tablets will outnumber PC-only projects by a ratio of 4:1. That is, there will be a 4:1 ratio of new programs and apps for smartphones or tablets as compared to PC.
This goes to show just how mobile society and employees are likely to become. While no mention has been made as to the proportion of business to consumer applications, in terms of what it means for businesses, the difference is negligible. The reason is simple: with more individuals bringing their own devices into the workplace, there is increased opportunity for your system security to become compromised.
However, it may not even be malware that causes some of the larger headaches for IT departments. So great is the rush to get out the next app that many production teams are forgetting to lock down the privacy component of their app.
For example, security firm Zscaler ThreatLabZ found:
“A few months back we were looking at some iOS apps that would ask you for your password to popular services like Google Docs, and all of those authentication credentials were just stored in clear text. So anybody who got a backup of your phone could go through that in plain text.”
Should any business applications have flaws such as these, the ramifications could be horrific. Not only would your company data be potentially at risk, but your clients’ data could be compromised too.
Cybercrime will grow at 10% for the next 5 years
Having read the above predictions it may seem pretty obvious, but cybercrime is tipped to increase over the next few years as well. According to the Gartner report, the financial impact of cybercrime will grow at a rate of 10 percent per year through until the end of 2016, due in large part to the persistence of new software and network vulnerabilities.
This is far from surprising given the above thoughts from Gartner and the fact that spam is not going anywhere, nor are phishing scams. In fact, a report by Cisco in June 2011 stated:
“Worldwide revenues of high volume spamming decreased from $1.1 billion in June 2010 to $300 million in June 2011, or a drop of two-thirds. In comparison, revenues for targeted attacks quadrupled from $50 million to $200 million over the same time period.”
More confronting than this, last year it was estimated by Galaxy Research that in the 12 months to July 2010, Australians lost $1.286 billion to scams originating online. If you use these figures, then extrapolating out to 2016, Australians will lose $2.5 billion to cybercrime, an extraordinary figure, especially when you consider this does not include corporate losses.
Furthermore, new vulnerabilities are exposed nearly every day. Software updates, new software and more ingenious hackers mean holes which once didn’t exist now do. Called zero-day vulnerabilities, these holes pose a risk to your network security, as, left unpatched, they are just an open invitation to hackers to come in and rifle through your data.
Protecting your business data
Aside from the predicted increase in cybercrime, Gartner’s predictions are, for the most part, positive signs for technology and most likely for business as well. It is just a matter of being proactive and being prepared.
Some simple things you can do to protect your business every day, and against the potential threats described above, include:
- Keep up-to-date anti-virus platforms installed on your network to protect against cybercrime.
- Be wary of emails asking for personal or company information. If in doubt, call the sender.
- Implement a detailed IT security policy and make it widely available to all employees.
- Implement a policy to regularly check email addresses being used by employees to avoid man-in-the-mailbox scenarios.
- Make it company policy to change passwords every 21 days.
- Make employees read the most common passwords lists so they get more inventive.
- Investigate a cloud-based spam filter so that emails received on mobile platforms are free of spam and malware.
- Try to limit use of employees’ personal devices on the office network. Issue work-owned devices where possible.
- Encourage employees to set the default settings to ‘always enter a password’ for apps and websites rather than remember them.
- Discourage employees from downloading apps new to the market.
Of course this list is far from complete, so feel free to share your recommendations or comments.