10 Top Information Security Threats for the Next Two Years

Nation-State Backed Espionage Goes Mainstream

"State-backed [cyber] espionage is no longer limited to the Chinese and North Koreans; it's now democratic states," Durbin says. "I think that's come as a shock to a number of people, and it changes the landscape significantly."

A Balkanized Internet Complicates Business

To exert control over the free-wheeling nature of the Internet, nation states have begun using filtering to prevent citizens from accessing undesirable content and they have begun exploring the use of sovereign networks to isolate their communications from foreign spies — essentially a local approach to Internet governance through which they hope to draw "geopolitical borders on the Internet," Durbin says.

Unintended Consequences of State Intervention

As authorities attempt to police their corner of the Internet, many organizations can expect to suffer collateral damage — like the blows to reputation many U.S. service providers have suffered as details of some NSA spying programs became public.

Service Providers Become a Key Vulnerability

Service providers are becoming a key vulnerability in supply chains that cybercriminals can exploit to target organizations indirectly.

Big Data = Big Problems

Data analytics can be a huge boon to your organization if leveraged properly, but basing strategic decisions on faulty or incomplete datasets can lead to disaster, Durbin says.

Mobile Apps Become the Main Route for Compromise

Mobile continues to be one of the most disruptive trends affecting the tech landscape today. But the rapid development cycle and lack of security considerations around mobile apps make them a prime target for cybercriminals and hackers seeking a way into the enterprise.

Encryption Fails

Encryption has become the default approach to securing Internet interactions. But the increasing availability of massive amounts of computing power, combined with back doors in software, means you can no longer expect something to be secure simply because it's encrypted. There's no such thing as ultimate security, Durbin says. Encryption should be a component of a security plan, but not the entirety of it.

The CEO Gets It, Now You Have to Deliver

For years, the CISO and other security professionals have been lone voices in the wild. But that's changing. The CEO and other C-suite executives are coming around to the need for security.

Skills Gap Becomes a Chasm

As organizations reach out for security professionals to help them fill key positions, people with the right skills will become increasingly scarce, Durbin says.

Information Security Fails to Work with New Generations

Millennials who have grown up in the digital age have a different view of security and privacy than preceding generations.

Reference:

By Thor Olavsrud, CIO | Apr 21, 2014 

http://www.cio.com/article/2368648/security0/149359-10-Top-Information-Security-Threats-for-the-Next-Two-Years.html