Continuing our round up of 2013 IT security vendor predictions, we've got the thoughts of three of the big Infosecurity Europe exhibitors: Palo Alto Networks, SafeNet and Kaspersky Lab.

dweb-infoseceurope Brian Tokuyoshi from Palo Alto Networks predicts that social media, data decryption and virtualised network security will be high on the agenda in the year to come.

"Increasingly, social media platforms and webmail are becoming de facto communication platforms for personal use, bypassing enterprise security products in the process. Encryption makes more of this traffic invisible to existing security controls. In 2013, enterprises need to find ways to make sure Internet personal use policies do not conflict with the policies (or bypass the technologies) needed to protect the enterprise."

"Enterprises need to start thinking about decryption not just for data loss, but to check for policy violations and malicious content. CISOs will need to work together closely with HR and legal teams to respect personal privacy while maintaining corporate security, and to make sure that the cure isn’t worse than the ailment."

"When one virtual machine talks to another on the same host, the traffic may never cross the network. As a result, virtualisation network traffic may bypass all the physical network security protections in place for intrusion prevention, malware detection and policy enforcement. In 2013, organisations will be looking closely at their virtualisation strategy to see if it is in line with the network security best practices."

Meanwhile, Jason Hart from SafeNet, thinks education and mobility will be key:

"2012 suggested that despite everything we still don’t seem to be learning the lessons of data protection. Too much of the damage and frequency of data breaches and hacktivist attacks can be attributed to flawed approaches to how critical data is secured. This can’t continue and the channel can play a pivotal role in turning around data breach prevention strategies that are failing. Quite simply 2013 should be the year that more organisations embrace the concept of the secure breach. This means having processes and technologies in place that kill the data and make it useless if it falls into the wrong hands. In essence, security is embedded in every piece of data that’s valuable to you."

"Mobility is going to continue to become a greater part of how people access and use their business data and applications. This is opening up a new range of security threats arising from the use of personal devices on otherwise protected systems. To take a simple example, if someone needs to charge their phone using a USB connector, this could introduce a key logger onto a computer within the corporate development systems. The requirement of many large organisations to extend their authentication infrastructure presents the channel with a challenge as well as a huge opportunity in 2013. Multi-factor authentication is well understood as a key part of a data protection strategy but its wide scale proliferation has been held back by high management overheads and operational pressures."

Which just leaves us with what David Emm, the senior security researcher at Kaspersky Lab, has to say about 2013:

"The most notable predictions for the next year include the continued rise of targeted attacks, cyber-espionage and nation-state cyber-attacks, the evolving role of hacktivism, the development of controversial ‘legal’ surveillance tools and the increase in cybercriminal attacks targeting cloud-based services. Targeted attacks on businesses have only become a prevalent threat within the last two years. Kaspersky Lab expects the amount of targeted attacks, with the purpose of cyber-espionage, to continue in 2013 and beyond, becoming the most significant threat for businesses. Another trend that will likely impact companies and governments is the continued rise of ‘hacktivism’ and politically-motivated cyber-attacks. State-sponsored cyber warfare is also expected to continue in 2013. In fact, during 2012, Kaspersky Lab discovered three new major malicious programs that were used in cyber warfare operations: Flame, Gauss and miniFlame. Experts at Kaspersky Lab expect more countries to develop their own cyber programs for the purposes of cyber-espionage and cyber-sabotage. These attacks will affect not only government institutions, but also businesses and critical infrastructure facilities."

About the Author

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

All the companies will try to lure people to upload all their private data to their cloud. Because they know that people will not migrate to other company/device/vendor, as it will be difficult for them to adjust to the new environment. Then as next phase they will change the agreements from "we can give statistic data to 3rd party" to "we own all your data". Basically Android user will not be able to move so easy to WP/apple, as there will not be any easy way to do it. See activesync fight. As social(any) networks will try to be as mass as possible, they will try to make user_access easy for you and also for 3rd rogue party. Of course, they will secure everything with cheap payed people. In the end it will be useless against skilled 3rd rogue party.

Member Avatar

LastMitch

"The most notable predictions for the next year include the continued rise of targeted attacks, cyber-espionage and nation-state cyber-attacks, the evolving role of hacktivism, the development of controversial ‘legal’ surveillance tools and the increase in cybercriminal attacks targeting cloud-based services.

cyber-espionage or cyber-sabotage, I don't read that often or recognized those phrases.

But cyber-armegeddon, yes I do fear that the most.