2012 was a year where Twitter became an integral part of everyday lives. For some, Sally Bercow perhaps being the most high-profile example from the UK, 2012 was also the year where Twitter had to be relegated to the past.
Freedom of expression released by micro-blogging is something anybody can take advantage of, anybody can quickly develop a following for and many are fast learning some hard lessons about.
The wife of the UK’s Speaker of the House of Commons, Sally Bercow found herself slapped with an injunction after releasing information about a minor whose identity was protected by the courts and in the process potentially libelled a member of the House of Lords by incorrectly identifying or insinuating his involvement in sex abuse.
This was almost immediately proven to be a case of mistaken identity. The Lord in question, Lord McAlpine, has, in addition to launching libel suits against at least 20 targets, gone on to pursue 10,000 tweeters and retweeters for their involvement in trending this libellous activity, demanding that they apologise and donate £5 to Children in Need. Good for him!
This is a story that epitomises how information security management evolved in 2012, while portraying a new horizon that all - society, business, and security professionals alike - will move towards this year.
Our lives in business, at home and with friends have become socially networked. Everyone has the potential to develop a public persona, while business and personal lives are becoming inevitably interlinked. Most have yet to develop the instincts required to live happily in this world. Companies certainly haven’t. It’s a game changer for information security.
In 2013, we can expect to see more and more companies not only “embracing” but also “adjusting” to the new social landscape with hyper-connected employees enabled by the ability to bring their own device to work and the proliferation of applications that allow them to choose how to best do their jobs.
In business we will see a real mix of corporate and personal systems; technology development slipping away from the control of a carefully planned IT strategy; and the resulting vulnerability and threat landscape following this development, as already evidenced by phishing attacks and malware moving from email to social networks and smart phones.
Over the last two years, our members have told us the pace of technology change and the stresses of managing it have been unprecedented as companies moved to virtualised and cloud-based systems.
In 2013 this pace of change and stress will continue as we see the next stage of development with mobility, BYOD and social communities that take advantage of the flexibility of these systems, and the resulting proliferation of data.
The skills requirement will also continue to undergo dramatic change as information security risk becomes less about the corporate systems.
Fortunately, the need for security is “trending”, shall we say, as management begins to recognise the need to be more proactive and individuals, perhaps driven by some of those hard lessons, begin to understand their accountabilities.
It should be a good year for skilled security professionals, who will continue to be in demand. However, the bite of a skills gap, which drove salaries and employment levels to rise this year (despite economic troubles), will contribute to the levels of stress being felt. Governments too are recognising the need to be proactive in security and continue to push security requirements up the priority stack.
Ironically, this is giving birth to an era of confusion, something I expect will become apparent next year as more and more governments become active in developing strategies of different flavours to suit their own requirements and of course work to be seen to be ‘doing something.’
So much government-funded parochial activity to, for example, introduce kite marking schemes for security quality in products and systems, and even companies, enshrine skills requirements within standards, and update privacy legislation, to name a few, threatens to undermine what they hope to accomplish. I do expect this kind of activity to proliferate, but don’t expect a huge impact on defences in 2013.
In summary, this year could be a turning point for security where the masses begin to appreciate its importance. As a result good progress will be made, but I suspect we will not get to the point where we are ahead of the game.
Posted by John Colley, Managing Director EMEA, (ISC)2