The consumerization of IT will continue to wreak havoc on IT departments in 2013 as the rise of bring-your-own-device (BYOD), cloud computing and social media continues to provide ill-intended hackers and cyber criminals with expanded platforms to exploit.
As employees use more consumer-grade applications and access more corporate data from unmanaged mobile devices, the network perimeter continues to disappear – along with IT's ability to enforce appropriate security controls.
Convenience and efficiency are top of mind for end-users, while security awareness ranges from limited to non-existent. As a result, security officers will have their work cut out for them in the year ahead. New breeds of sophisticated attacks designed to take advantage of security-ignorant end-users debuted in droves throughout 2012 – and I expect this trend will only strengthen in 2013.
Here are the top 7 end-user security threats that IT departments must be prepared to combat in 2013:
Based on the sheer volume and velocity of attacks against unsuspecting and under-educated employees expected in the year to come, it is evident that something must be done to shore up this gaping hole in corporate defenses. Maintaining the status quo will not be a sustainable option in 2013, as resource-strapped IT organizations cannot afford to spend increasing amounts of time, money and energy responding to these types of cyber attacks.
Recognizing that humans are still the weakest link in the security chain, many security officers are re-evaluating their approach to cyber security training and embracing new interactive forms of training to improve knowledge retention and behavior modification rates. A new report out from Wisegate cites security awareness as one of the top CSO priorities for 2013.
Further, Chris Christiansen, program vice president for IDC's security products and services group, notes that threats are evolving at a rapid pace as employee adoption of mobile computing and social networking has skyrocketed. He adds that, “The old once-a-year ‘check box’ approach to security training cannot keep pace. It is time for employees to understand the importance of security policies and learn how to put them into practice.”
Most employee-caused security breaches occur through ignorance rather than malice. Research shows that organizations with well-understood security policies suffer fewer breaches, and companies with an ongoing security awareness program suffer 50 percent fewer breaches.
While no risk factor can ever be entirely eliminated, companies that implement new interactive approaches to security awareness training are finding that the payout is worth the investment. As employees learn how to identify and report attacks, they become invaluable to a company's defensive, as well as offensive, security posture.