Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


Key information protection and governance trends

Espion predicts some key information protection, governance and ediscovery trends which will affect organizations over the coming 12 months:

1. Social discovery – a new frontier for the legal profession
The acceleration in the number of cases involving evidence from social media and the Internet (such as Facebook, Twitter, webmail, website data and YouTube videos) will put greater emphasis on the importance of employing best practices to collect, preserve and produce such online datasets.

Internet investigations, and in particular social media, represent a new frontier for the legal fraternity. The scope for finding digital evidence such as photographs, status updates, a person’s location at a certain time, as well as content from social media accounts, will place an enormous burden on organizations.

2. Data breaches: anger will turn to action
High-profile data breaches continued to make headlines throughout 2013. With each breach came greater awareness and understanding of often complex issues, with the management of data becoming not just an IT issue but a business one.

Espion predicts that consumers will be increasingly savvy around personal data privacy issues and will lose patience with organizations that fail to act responsibly. 2014 will see those affected by breaches take even greater action, sharing their experience on social media and increasingly reporting to relevant bodies such as the Information Commissioner’s Office (UK) or the Data Commissioner (IRE).

3. Shodan will keep network guardians awake at night
If ‘Shodan Computer Search Engine’ hasn’t yet reached your lexicon, by the end of 2014 you’ll be well versed in its capabilities to expose industrial control systems.

Forbes described it as “The Terrifying Search Engine That Finds Internet-Connected Cameras, Traffic Lights, Medical Devices, Baby Monitors And Power Plants”, and Espion believes there will be far greater attention given to the jaw-dropping capabilities of this powerful tool.

As a result, those charged with protecting organizations will see their own networks in a new light and (here’s hoping) use Shodan as an awareness and metrics tool in their own organization.

4. The app gold rush will spawn new security issues
Thanks to new tools as well as reduced barriers to entry, app development will continue to be faster and cheaper to execute. As a result, increasing numbers of organizations will look to apps to gain a competitive edge.

Those who fail to understand the potential downside as well will risk application security failure: launching a product that is likely to be a vulnerable service, exposing them to risks such as data leakage, reputational damage and non-compliance with legal, regulatory or contractual obligations.

5. The price for vulnerability information will skyrocket
The process of informing a software vendor of a vulnerability or bug that impacts upon data security will continue to attract ‘bug hunters’ who can earn handsome rewards, so that organizations can address the issues before they are exploited.

Last year Google increased its maximum reward, paid to security researchers who submit bugs and vulnerabilities, from $3,133.70 to a whopping $20,000 for a single vulnerability. Espion believes higher rewards will incentivise security researchers to report vulnerabilities rather than sell to cybercriminals. Now there’s a case for building security into the software development lifecycle (SDLC).

6. Organizations will look at weak links in third parties
Organizations vulnerable to cyber-attacks will turn their attention to their suppliers and contractors – who are often used by cyber-criminals as routes to gain access and unleash havoc spanning theft, fiscal fraud, industrial espionage, extortion, customer data loss or even hacktivism.

8th April 2014, when Microsoft ends support for Windows XP (meaning newly discovered vulnerabilities will not be patched, leaving systems around the world vulnerable to attacks), will be a key date by which to ensure that third parties who may still have Windows XP don’t threaten systems.

7. Organizations will promote their security standards / certification and governance achievements
Organizations that comply with industry-led standards and schemes to protect customers against cyber-attacks (such as: Payment Card Industry Data Security Standard (PCI-DSS); ISF (Information Security Forum) Standard for Good Practice for Cyber Security (SGP); IASME (Information Assurance for Small & Medium-sized Enterprises); ISO27001:2005 and ISO27002:2005) will increasingly market these standards to their end users as symbols of trust and assurance.

8. Cloud security
Barriers to cloud adoption relating to security and privacy concerns will begin to be addressed more explicitly by end-users in 2014. One aspect will be the greater uptake of cloud encryption gateway products emerging on the marketplace, acting as a means of encrypting and tokenising key personally identifiable information as it leaves the enterprise perimeter.

Security enhancements to emerging cloud management platforms will also emerge – particularly in relation to enhancements to cloud infrastructure provisioning and orchestration tools that will enforce security and data privacy policies.


• Date: 20th December 2013 • World • Type: Article • Topic: ISM
