Guidance on cybersecurity, private clouds and privacy
ISACA today issued guidance on managing three top trends posing major challenges to businesses in 2013: cybersecurity threats, private vs. public clouds and data privacy.
Viruses that send unsolicited emails and attack web sites, as well as search engine poisoning—where unwitting users are misdirected toward questionable or fraudulent sites—are among the increasingly sophisticated tactics used to capture and exploit consumer data and pose threats internationally.
“As more devices utilize IP addresses, increasing the attack surface, cyber criminals will dedicate themselves to increasingly complex attacks in 2013,” said Jeff Spivey, CRISC, CPP, international vice president of ISACA.
Over the next year, interest in private or hybrid (public/private) cloud will grow. The rise of personal clouds will challenge data protection for a mobile workforce that embraces BYOD. Cost, speed, manageability and security are factors most debated in cloud computing.
ISACA’s 2012 IT Risk/Reward Barometer shows that IT professionals remain wary of public clouds; 69 percent believe that the risk of using public clouds outweighs the benefit. Opinions of private clouds are the opposite—the majority (57 percent) believes the benefit outweighs the risk. Other findings include:
- Among people using cloud for mission-critical services, there is a 25-point difference between those who use private (34 percent) versus public (9 percent).
- One of the high-risk actions employees take online is using an online file-sharing service, such as Dropbox or Google Docs, for work documents (67 percent).
- The most effective way to reduce IT risk is to educate employees (36 percent).
“In the cloud debate, the trump card will often be played by business-line leaders responsible for customer satisfaction and revenue. IT leaders can avoid hype and broadly evaluate risk and return through the eyes of the business,” said Brian Barnier, principal analyst at ValueBridge Advisors and a risk advisor with ISACA. “There are no cute tricks. This is where ISACA’s 44 years of knowledge can help.”
In the coming year, IT professionals will have to manage not just threats of data leakage and identity theft, but also growing consumer and employee concerns about data privacy.
“The protection of personally identifiable information (PII) is the responsibility of organizations and individuals,” said Greg Grocholski, CISA, international president of ISACA and chief audit executive at The Dow Chemical Company. “Organizations need a governance structure to ensure that PII is managed and protected, and individuals must be aware of what PII they are providing and to whom. Privacy by design, confidentiality of location-based information, the consumerization of IT, and increased regulations are among the top 2013 trends in data privacy that ISACA anticipates will need to be addressed.”