Continuing our round-up of 2013 IT security vendor predictions, we've got the thoughts of three of the big Infosecurity Europe exhibitors: Palo Alto Networks, SafeNet and Kaspersky Lab.
Brian Tokuyoshi from Palo Alto Networks predicts that social media, data decryption and virtualised network security will be high on the agenda in the year to come.
"Increasingly, social media platforms and webmail are becoming de facto communication platforms for personal use, bypassing enterprise security products in the process. Encryption makes more of this traffic invisible to existing security controls. In 2013, enterprises need to find ways to make sure Internet personal use policies do not conflict with the policies (or bypass the technologies) needed to protect the enterprise."
"Enterprises need to start thinking about decryption not just for data loss, but to check for policy violations and malicious content. CISOs will need to work together closely with HR and legal teams to respect personal privacy while maintaining corporate security, and to make sure that the cure isn’t worse than the ailment."
"When one virtual machine talks to another on the same host, the traffic may never cross the network. As a result, virtualisation network traffic may bypass all the physical network security protections in place for intrusion prevention, malware detection and policy enforcement. In 2013, organisations will be looking closely at their virtualisation strategy to see if it is in line with the network security best practices."
Meanwhile, Jason Hart from SafeNet thinks education and mobility will be key:
"2012 suggested that despite everything we still don’t seem to be learning the lessons of data protection. Too much of the damage and frequency of data breaches and hacktivist attacks can be attributed to flawed approaches to how critical data is secured. This can’t continue and the channel can play a pivotal role in turning around data breach prevention strategies that are failing. Quite simply 2013 should be the year that more organisations embrace the concept of the secure breach. This means having processes and technologies in place that kill the data and make it useless if it falls into the wrong hands. In essence, security is embedded in every piece of data that’s valuable to you."
"Mobility is going to continue to become a greater part of how people access and use their business data and applications. This is opening up a new range of security threats arising from the use of personal devices on otherwise protected systems. To take a simple example, if someone needs to charge their phone using a USB connector, this could introduce a key logger onto a computer within the corporate development systems. The requirement of many large organisations to extend their authentication infrastructure presents the channel with a challenge as well as a huge opportunity in 2013. Multi-factor authentication is well understood as a key part of a data protection strategy but its wide scale proliferation has been held back by high management overheads and operational pressures."
Which just leaves us with what David Emm, the senior security researcher at Kaspersky Lab, has to say about 2013:
"The most notable predictions for the next year include the continued rise of targeted attacks, cyber-espionage and nation-state cyber-attacks, the evolving role of hacktivism, the development of controversial ‘legal’ surveillance tools and the increase in cybercriminal attacks targeting cloud-based services. Targeted attacks on businesses have only become a prevalent threat within the last two years. Kaspersky Lab expects the amount of targeted attacks, with the purpose of cyber-espionage, to continue in 2013 and beyond, becoming the most significant threat for businesses. Another trend that will likely impact companies and governments is the continued rise of ‘hacktivism’ and politically-motivated cyber-attacks. State-sponsored cyber warfare is also expected to continue in 2013. In fact, during 2012, Kaspersky Lab discovered three new major malicious programs that were used in cyber warfare operations: Flame, Gauss and miniFlame. Experts at Kaspersky Lab expect more countries to develop their own cyber programs for the purposes of cyber-espionage and cyber-sabotage. These attacks will affect not only government institutions, but also businesses and critical infrastructure facilities."