As disturbing details regarding the depth and breadth of Target’s security breach continue to surface, the clear message is that organizations need to implement greater cyber security safeguards to prevent future breaches from occurring. For as the Target attack shows, such breaches of personal data not only pose financial risks, they also put the company’s reputation at risk and open the doors for legal retaliation.
In the interest of creating better safeguards against cyber attacks going forward, here is a look at 5 predicted cyber security trends for 2014.
Greater adherence to NIST standards and guidelines
Under the Executive Order “Improving Critical Infrastructure Cybersecurity,” President Obama has directed the National Institute of Standards and Technology (NIST) to work with organizations on developing — as stated on nist.gov — a “framework of standards, guidelines and best practices to promote the protection of critical infrastructure.”
While developing this framework has been considered a “voluntary” practice on the part of organizations thus far, heightened scrutiny of security practices by the FTC and other regulators will force organizations to more strictly adhere to NIST standards and best practices with regard to cyber security in 2014 and beyond. Otherwise, in the event of a security breach, they may find themselves subject to a host of legal actions, including lawsuits by shareholders and stiff penalties imposed by regulators.
Greater scrutiny of BYOD policies
The proliferation of mobile devices such as smartphones and tablets has ramrodded many organizations into fast and loose adoption of BYOD practices. Add to that the explosion of cloud services, and you’ve got a security breach just waiting to happen. As a result, in 2014 and beyond, companies that allow cloud and BYOD practices will need to make sure that these technologies are accompanied by detailed corporate policies regarding how they may and may not be used.
In addition, IT security and risk management plans must factor in BYOD in order to better protect sensitive information and keep the legal bases covered should a breach attributed to BYOD occur.
Greater scrutiny of data subcontractors
Regardless of how sophisticated an organization’s cybersecurity safeguards may be, turning sensitive data over to third-party contractors to be stored and processed can make that data more vulnerable to breaches and that organization more open to legal action. After all, sensitive information handled by third parties is only as secure as the safeguards they have implemented. Therefore, it’s forecasted that organizations will be conducting more extensive technical, procedural and legal reviews of subcontractors’ cyber security policies and procedures before trusting them with sensitive information.
Greater breach detectability via sophisticated tools
The quicker data breaches are detected, the faster organizations can react to mitigate the damage. And new technological tools stand ready to help companies better assess, in near real time, the nature of a cyber attack and what damage it has caused. Although most organizations thus far have focused their funds on breach prevention technologies, a greater investment in technologies designed to facilitate a faster and more informed response to security breaches is predicted for the future.
Greater focus on cybersecurity by corporate auditors
In light of the Target breach and the ongoing Snowden fallout, it’s predicted that corporate audit committees will place greater emphasis on determining an organization’s “cybersecurity health” as well as its financial health. These security audits will no doubt address the organization’s cybersecurity standards and practices as well as incident response plans, making sure that both fall within “commercially reasonable” levels. As to how and by whom these reasonable levels will be determined, that issue is open to much debate.