Unfortunately, it’s not going to be plain sailing on the security front in 2014. It’s a bit like Friday 13th. Many folk say that Friday 13th is not their unlucky day at all, it’s Saturday 14th they worry about! And believe me, we do have a lot to worry about.
So, what am I concerned about? And is there any good news for 2014? Well, the answer to the latter is “yes”, but unfortunately the bad news is going to continue to dominate the headlines in 2014.
You see, we have created a bit of a mess, with so many loopholes and back-doors that we don’t even know where to start. And the fraudsters have been quick to capitalise on this chaos with the result that they have been steadily building their fraud infrastructure
on a true global scale. It’s not just the fraudsters we have to worry about either; it’s any entity out there with malevolent intent, whether it’s governments (and even the good ones, unwittingly or otherwise, contribute to the problem), hackers, disaffected
individuals, espionage, etc. Anyone with a serious intent can inflict damage on a wide-scale basis. And we will see the true impact of many of these attacks, in particular Advanced Persistent Threats, emerge in 2014. When a target is identified, the pursuit
is relentless until the initial goal of infiltration is achieved. From then on it’s all about establishing a foothold and strengthening this position until widespread compromise is achieved. Once inside and established it is a massive task indeed to counter
and eradicate the threat. Whilst the primary target is likely data, and all data has a value, there could be other more sinister motives. Governments looking to target other governments for espionage, corporates doing likewise, perhaps to “take a competitor
out”. Many organisations have built up reputations of trust over many years; such a reputation could be destroyed by a single breach. And it’s the scale of breaches that is so worrying; the incidence and impact of individual breaches is staggering. Whilst
nobody would doubt that the most important role of any organisation is surely the Head of Security, if this function is not up to the task then the organisation is immediately at risk. However, we must all share the burden. Everyone within an organisation
must be an extension to the security function and be vigilant at all times. We are after all under attack and realising that this is the case is the first step in the defence strategy. And we should all adopt this approach in our own personal lives as well.
Fraudsters deploy lots of clever techniques to con us out of our personal data. We need to be just as vigilant in our own personal lives.
And no, this isn’t scaremongering. It’s a wake-up call, a call to action. Whilst of course the focus must continue on the existing defence mechanisms, and keeping the bad guys out, unfortunately such a strategy alone is no longer adequate. You have to think
differently. The fraudsters did. They saw that the focus was on perimeter defence and immediately went to work… inside the organisation. So, the new threat is inside the organisation and any organisation needs to assume that they have already been infiltrated and
build their enhanced defence strategy around such an assumption.
Such a starting point is also essential in terms of good customer care. Data breaches have become a major source of consumer attention and worries, and rightly so. The headlines give good cause for worry. Stealing personal data is a multi-billion-dollar global
business, whether by compromising data directly or by purchasing the fruits of other criminals’ efforts through online forums. So, it’s inevitable that this trend will continue through 2014 and beyond. Consumers bear the full brunt of the breaches in their
personal lives and for those consumers who have been compromised, there is nothing that can truly compensate for the worry and the stress. I believe that 2014 will see a greater focus on privacy, driven by a more thoughtful consumer. Governments will respond to this
and I expect that the European Union will be the first to lead the charge with sweeping changes that seek to enshrine the privacy and data protection of its citizens. “Opt In” processes will be forced to be more transparent and realistic and organisations
will be made more accountable and responsible for the data they require and hold.
So, 2014 will see a more intense focus on the need to better authenticate a user’s identity – not just in the financial services arena, where cutting edge biometrics (like voice) are already starting to be employed to secure mobile banking and payments transactions
– but also for improving the customer experience and security in other industries. This could include accessing patient records in the healthcare profession, authentication in a call centre, or securing remote access in enterprise environments, to name
just a few examples. The objective of better authentication is to mitigate the threat of continued data breaches by rendering data unusable by criminals. Many of the authentication practices deployed today are out of date and inadequate for the world we live
in. Authentication processes and risk decision practices need to be context aware – multi-layered invisible technologies applied in real time and commensurate with the perceived risk of any transaction, yet totally intuitive from the end user’s perspective.
2014 will see these new authentication methods become mainstream and will be a game changer in countering sophisticated fraud, providing significant competitive advantage to those organisations that are first to adopt and deploy.
Blog updated: 24 May 2015 11:15:15