Information security and compliance trends for the new year

Coalfire released its top five cybersecurity predictions for 2014. Rick Dakin, the company’s chief security strategist, consolidated an analysis from over 1,000 audits and forensics investigations in 2013 to develop the 2014 predictions.

“In 2013, there were several high-profile cybersecurity cases – Edward Snowden and the issues with the federal healthcare website, to name a few,” said Dakin. “We are certainly going to have more cybersecurity challenges ahead, but many enterprises are not yet prepared to either identify or respond to the emerging risks.”

For 2014 Dakin predicts the following:

1. There will be a significant security breach at a cloud service provider that causes a major outage.
A single cloud provider may house sensitive information on tens if not hundreds of thousands of individuals. Business owners and executives should recognize the increased necessity of evaluating risk within their third-party cloud service provider (CSP) systems and in provider/vendor relationships to protect trade secrets and prevent intellectual property leaks.

2. The migration from compliance to IT risk management will accelerate.
While the supply chain will incorporate innovative solutions that will introduce significant new risks, the maturity of cybersecurity within most large enterprises continues to accelerate. Risk and compliance management firms must better align to the business needs of their clients, instead of providing spot reports for a single purpose.

3. Emerging threats will shift security programs from static boundary protection to more proactive monitoring and response programs.
Security programs from just three years ago are no longer adequate. In 2014 there will be many more virulent types of attacks. The damage generated by those targeted attacks will be significant enough to drive further migration from static border protection and access control-based security programs, to dynamic programs that analyze new threats and risks on a daily basis and drive upgrades, updates and system changes.

4. There will be a significant increase in malware for Android phones, and malware will begin to affect iPhones, too.
Tablets and smartphones were developed with the same level of concern about security that was applied to Windows 95 platforms during the early days of the Internet. Today, there simply is not adequate security to protect users from the serious threats that are known. Additionally, there is a severe lack of awareness among consumers about the potential for malware to attack their devices, and a recent study found that 80 percent of smartphones are unprotected from malware.

5. The number of data breaches in healthcare caused by Business Associates (BAs) will increase dramatically because of the final Omnibus Rule.
The Omnibus Rule required that all BAs be HIPAA compliant by September 23, 2013, yet many BAs don’t even know they are a BA, or that they are now liable for data breaches caused by the mishandling of electronic protected health information (ePHI). In addition, the process for Covered Entities (CEs) to manage HIPAA compliance for potentially thousands of BAs can be cumbersome and inaccurate. Many BAs are simply ignoring the requirements, which will lead to numerous data breaches in 2014.