IT Security in 2014: Challenges and More Challenges Posted on May 8, 2014 by Tim Burke Information technology has become a business essential. We’ve reached the point where our ability to thrive and succeed depends on key software apps and the technology (wherever it may be) that runs them, our access-from-anywhere to the Internet, and our ability to gather and analyze troves of digitized data. The easiest targets So important are these capabilities that we often put them into use before we’ve figured out the myriad of ways they’re vulnerable to those with malicious intent. And while smaller enterprises used to be able to escape the worst of these vulnerabilities simply by slipping beneath cybercriminals’ radar, those days are gone. In fact, less protected smaller businesses have become a favorite for some attackers — just like homes with unlocked doors and windows attract burglars seeking the easiest targets. It ain’t pretty This is why, as 2014 rolls along, I’ve decided to take a look at what security experts are currently telling us about our foremost security exposures. Here’s some of the worst of it, presented in tip-of-the-iceberg fashion: • 100% of business networks analyzed by Cisco have traffic going to websites that host malware • Detected security incidents have increased 25% during the last year and the average cost of security incidents has climbed 18% • Those reporting a loss of data resulting from a security incident increased by 16% over the last year • Insiders (sometimes not malicious, just error-prone) accounted for many security incidents • More than 550 million identities were breached in 2013 and eight of those breaches exposed more than 10 million identities each • Although 38% of mobile device users have been victims of cybercrime (chiefly stolen devices), risky mobile behaviors have not abated. Some 52% of mobile users store sensitive data on their devices, including 24% who place work and personal data in the same cloud storage accounts. • Java vulnerabilities are exploited the most (more than Flash or PDFs) by cybercriminals since 97% of enterprise desktops run it • Zero-day vulnerabilities — 23 identified by Symantec in 2013 — stand at record levels. Although the top five of these were patched in just days of being discovered, they accounted for more than 174,000 additional, post-patch attacks. • Ransomware attacks (in which cybercriminals encrypt files and then demand payment to decrypt them) grew by 500% in 2013 and are expected to increase dramatically this year as online payment methods become more prevalent Whew! In my next post, I’ll review some of the ways you can defend against the malice, error and neglect that lurk behind so many enterprise security breaches.