With increasingly stringent compliance mandates, a flurry of vendor consolidation, demands for audit reporting, and a spike in complex security breaches, 2010 has been a dynamic year for the IT security and compliance world.
As 2011 promises that we’ll continue to see more of the same, managing the changes to IT assets and systems that introduce dangerous security vulnerabilities into the IT environment will continue to be critical for organizations in ensuring the security and compliance of their IT infrastructures.
Tripwire outlines the following predictions for 2011:
The Stuxnet effect: The impact of the Stuxnet attacks earlier this year went far beyond any other cyberattack to date. What Stuxnet uniquely accomplished is that it raised the consciousness of people outside of the IT and information security community, capturing attention from government officials and the general public about the threat of cyberattacks and the vulnerability of critical infrastructure.
Steps toward a secure cloud: The coming of age of the cloud has seen sensitive data increasingly residing in one place and/or in shared environments, leading to the emergence of a very rich target for deliberate, well financed cybercrime organizations.
Some companies have recognized this and are beginning to closely monitor their data on the cloud, but it’ll take many cloud breaches before the industry as a whole becomes diligent about protecting themselves.
Cyber forensics comes to the fore: Cyber forensics received significant attention, thanks to the devastating impact of rapidly evolving attack methods and malware – which has led to the need for real-time behavioral analysis of anomalies across systems, files and security controls.
Cyber forensics is increasingly being seen as a proactive method for pre-breach assessment and post-breach analysis. The organizations that adopt more proactive measures in 2011 will not avoid breaches all together, but will suffer less damage from them.
Mid-size targets grow: Cyber attackers have started to shift to target less protected mid-sized businesses across the education, non-profit and SMB sectors. This is because machines in mid-size companies are typically less protected than enterprises, attracting attacks from criminals who see smaller organizations as the path of least resistance for accessing private company data.
Security industry consolidation: The market responded to a customer interest in comprehensive security suites that address the multitude of security and compliance challenges related to protecting their sensitive data and critical systems.
In 2011, we’ll see security providers tailor their offerings to meet this customer interest and address the complex threat landscape by partnering with former adversaries to create multi-faceted security solutions – providing comprehensive visibility into true threats, real-time detection and rapid resolution.