Outlook grim for cyber security in 2014, says KPMG

This article was originally published on Technology.Info.

Beware of black swans in 2014, warns a new report from management consultancy KPMG.

A ‘black swan’ incident is something every company dreads: an unforeseen event that comes as a major surprise, has a big impact on business operations and, when seen in retrospect, makes a business more guarded in its risk outlook.

Increasingly, such events take the form of attacks on IT infrastructure, designed to steal valuable business information - and that will keep IT security professionals busier than ever in 2014, according to Malcolm Marshall, UK and global leader of the Information Protection and Business Resilience team at KPMG.

Marshall expects to see the most sophisticated and advanced hacking techniques emerge in the year ahead. In response, he says, governments will step up their focus on business compliance with cyber-security standards.

“As governments worry about the scale of the cyber security threat, we can expect to see more national standards emerge, and greater pressure for ‘voluntary’ compliance. The US NIST cyber security framework and the UK government’s ‘kitemark’ are just two examples,” he says.

“On the back of emerging standards, we will see the cyber insurance market develop and begin to provide market incentives for compliance, whether that is a willingness to insure or reduce premiums.” Non-compliance, he predicts, will lead to a legal debate over where liability for such incidents lies.

This more regulated environment will also prove fertile ground for companies offering ‘cyber intelligence’ services, according to Marshall.

That’s not likely to deter cyber criminals, however, and smartphones and tablets are likely to become an increasingly attractive target.

“Organised crime will always follow the money, with a growing range of malicious apps targeting online transactions, sophisticated spyware and attack techniques [that] exploit the link between the user’s mobile phone and their home computer. We can also expect more targeted attacks as criminals tailor their email campaigns and carefully choose their watering holes to lure in unsuspecting users.”

Meanwhile, the debate on the future of the Internet will lumber on, he suggests. “Snowden’s revelations have triggered a privacy debate [that] will continue to rage in 2014. Expect more disclosures, more calls for greater transparency over government actions, and more efforts by the Internet giants to persuade customers that their data is secure.”

“The Internet contributes more than 8 percent of our GDP [gross domestic product] and the figure is predicted to grow to 12 percent by 2016,” he points out. “But do we really understand our dependency on the network? Denial of service [DDOS] attacks have been on the rise since 2012, growing in scale and sophistication. Network engineers do an amazing job of keeping the Internet running, but many of the protocols at its heart remain insecure. Attacks on directory and routing services have grown in 2013, and we have seen denial of service attacks against banks and media sites often linked to international tensions elsewhere in the world. A major outage of a country’s internet service may be on the cards, but if not, we can expect numerous disruptive DDOS attacks against individual firms, sometimes with extortion in mind.”
