Security has never been a more imperative priority for financial services IT than now. Recent waves of cyber attacks against American banks, which the U.S. government believed to have originated in Iran, are just the tip of the iceberg of what banks have to fend off on a daily basis.
With that in mind, independent IT GRC auditor Coalfire offered its predictions of the top IT security trends in the coming year. “Last year was a very active year in the cybersecurity world,” said Rick Dakin, CEO and co-founder of Coalfire. “The Secretary of Defense announced that the threat level has escalated to the point where protection of cyber assets used for critical infrastructure is vital. Banks and payment processors came under direct and targeted attack for both denial of service as well as next-generation worms.”
The Migration to Mobile Computing Will Accelerate and the Flaws of Mobile Operating Systems Will Become Known
Look out for Windows 95-level security on iOS, Android 4 and even Windows 8 as consumers continue to connect to bank and investment accounts - as well as other important personal and professional data - on smartphones and tablets, says Dakin.
As of today, there is no way to secure an unsecured mobile operating system (OS), Dakin notes, adding that some risks can be mitigated, but many vulnerabilities remain, and this lack of mobile device and mobile network security will drive protection to the data level. Expect to see a wide range of data and communication encryption solutions before you see a secure mobile OS, he says.
He also predicts this lack of security, combined with the ever-growing adoption of smartphones and tablets for increasingly sensitive data access, will result in a systemic loss for some unlucky merchant, bank or service provider in 2013 that will affect more than 1 million users and cause a loss of at least $10 million.
Government Will Lead the Way in the Enterprise Migration to "Secure" Cloud Computing
Coalfire believes the fledgling FedRAMP program will continue to gain momentum and there will be more than 50 enterprise applications hosted in secure federal clouds by the end of 2013. Additionally, commercial cloud adoption will have to play catch-up to the new benchmark that the government is setting for cloud security and compliance, and it is expected that more cloud consumers will want increased visibility into the security and compliance posture of commercially available clouds, predicts Coalfire.
Also on the cloud front, Dakin believes another major issue for 2013 is that the adoption of cloud in mobile technology for electronic banking is going forward without any platform validation.
"Today, consumers are not thinking when they access their e-banking accounts on their phone or mobile devices, whether or not this cloud networking connection is safe," he says. "When in fact, none of the phone operating systems are safe. The financial services sector has been slow in providing industry certification for platforms, and as we move into 2013, this issue on the lack of security in those emerging technologies can and will most likely become a problem."
Lawyers Will Find a New Revenue Source - Suing Negligent Companies Over Data Breaches
Dakin believes plaintiff attorneys will drive companies to separate the "cozy" compliance and security connection, and that it will no longer be acceptable to obtain an IT audit or assessment from the same company that is managing an organization’s security programs.
Critical Infrastructure Protection (CIP) Will Replace the Payment Card Industry (PCI) Standard as the White-Hot Tip of the Compliance Security Sword
Dakin says that while banks, payment processors and other financial institutions are becoming much more mature in their ability to protect critical systems and sensitive data, critical infrastructure organizations like electric utilities, water distribution and transportation remain softer targets for international terrorists.
Security Technology Will Start to Streamline Compliance Management
Finally, Coalfire predicts the cost of IT compliance will start to drop for the more mature industries such as healthcare, banking, payment processing and government. Continuous monitoring and reporting systems will be deployed to collect compliance evidence more efficiently, and auditors will be able to complete an assessment more thoroughly and effectively, with less time on site and less time organizing evidence to validate controls.
Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ...