Traditional risk management is insufficient when it comes to dealing with newer cyberspace risks, according to a new report from the Information Security Forum, an international authority on information security.
The ISF Threat Horizon report, based on cyber security predictions through 2014, outlines three specific types of threats that we can expect to face in the next couple of years:
- External threats: These are more sophisticated attacks, stemming from either state state-sponsored espionage or hacktivists, with the intention of having a physical impact in the real world.
- Regulatory threats: More like just an actual warning rather than a harmful action, these types of attacks are designed to call for greater transparency and security preparedness.
- Internal threats: Much like the old adage of keeping your friends close but your enemies closer, sometimes the greatest threats come from within the same business. These threats might not always be intentionally malicious either. Just think about all the worries surrounding connecting unprotected personal devices to work networks.
Researchers advised in the report that enterprise risk management and preparedness, in particular, must be a higher priority in order to create risk resilience.
Furthermore, ISF researchers remind global enterprises that not only are their sensitive resources and information at risk, but their brand as well.
One of the easiest examples of how a major cyber attack (such an "external threat") can harm a company's brand with its customers over the long term is Sony after the PlayStation Network was hacked in spring 2011. Although the company rebounded, it's hard to argue that a significant amount of trust from consumers hasn't been lost.
- Cyber criminals innovate like businesses, forming global industry: report
- IBM: Only 1 in 5 data centers operating efficiently
- Researchers discover "worrisome" authentication flaws in many online services, sites
- Passwords are the weakest link in enterprise IT security: study
- Report: 51% of web site traffic is 'non-human' and mostly malicious