Gartner: Top Security Trends and Take-Aways for 2013

Gartner:Cloud computing, mobile ushering in “major shift” for enterprise security practices

Gartner Thursday held forth on what it expects to be the top security trends for 2013, citing the rise of cloud computing, social media and employees bringing their own devices to work as among the forces likely to produce radical changes in how enterprises manage IT security. The market research firm also says the “major shift” expected in IT security in 2013 will shake up established IT security vendors as newer players in cloud and mobile challenge them.
Earl Perkins, Gartner research vice president, said during a webinar on January 03, 2012 with clients that the forces cited above, as well as an “information explosion” in the enterprise, are putting enormous pressure on enterprise IT professionals and vendors by “making some of the existing IT infrastructures obsolete.” He added: “Will the major providers of security technology be the same ones in three to five years? The answer is probably not.”

Perkins said Gartner analysts believe the vendors, service providers and value-added resellers of today are starting to feel the volatility of market changes wrought by the rise of cloud-computing services and new practices such as enterprises adopting smartphonesand other mobile devices, and allowing employees to use their own at work. A large IT security firm such as Symantec, although certainly “aware and making changes” due to the growing importance of cloud and mobile, said Perkins, is nonetheless under pressure from many smaller companies that are “nimble” in introducing new technologies.
Mobile and BYOD “challenge the fundamental principles by which we deliver applications,” to users and protect user data, said Perkins. It means “consumer identities” will need to be tied to “corporate identities” in terms of authentication, authorization and other identity access and management functions. There will be pressure to “manage diversity” in this, he added. And when it comes to access to cloud-based services, the goal will be to find ways for introducing cloud-based access and authentication so users will “enjoy” these services “adequately and securely” in what may be a hybrid-cloud environment with the enterprise network.

Read full article at: NetworkWorld

In News: 2013-Data Breaches & Cloud dramatically increase fraud levels in UK



Leading fraud consultancy UK Fraud (www.ukfraud.co.uk) has identified 10 key trends that will characterise the domestic fraud prevention market in 2013.


Bill Trueman, widely accepted as a leading fraud expert in Europe, has extensive experience in banking, insurance and financial services sectors. Turueman’s UK based consultancy, UKFraud, has an impressive international track record of eliminating the risk of fraud.

The trends are:

  1. With more high quality data becoming available to fraudsters than ever before, an economy forecast to contract and the UK’s benefits spend reducing, overall fraud levels will continue to increase dramatically across the UK and the rest of Europe. Fraud hotspots most likely to be affected in 2013 include: banks and card companies, insurers, online merchants, retailers and government be it HMRC, the universal credit scheme or local authorities.
  2. The types of fraud likely to see the biggest growth will be CNP (Card Not Present) card fraud, other forms of cybercrime, internal fraud, and supply chain fraud. Procurement fraud is also set to rise significantly. In contracting economies, evidence suggests that people inside this function can be put under pressure to defraud.
  3. Mortgage fraud is also set to surge in 2013, with credit rating experts pointing the finger at further rises in first-party fraud – i.e. where people misrepresent their finances whilst applying for mortgages. Once again the economic climate is a significant contributor in this. 
  4. Recent spectacular mass data breaches and suspicion of cloud security in some areas will continue. An increasingly greater emphasis will be placed upon PCI DSS and other data security and integrity issues. Already, the daily number of automated attacks on bank and retailer systems runs into the millions, which means that we will continue to see major high-profile data breaches both reported and otherwise.
  5. Solutions will be based around systems for acquirers, online merchants and PSPs, who are regularly the victims of CNP fraud – where fraud is growing fast in line with the growth in internet based payments. Increasingly, solutions will move to better and newer generations of screening, scoring and risk based monitoring, such as those based upon Bayesian based fraud detection systems. These will start to pose a real challenge to older systems based on ‘so called’ Neural Networks. 
  6. Most people feel that there could be a lack of unified central direction and strategy from government. The lack of a pan-European strategy will also prevail. The UK government’s response is divided between the NFA, the Cyber Crimes unit and the Cabinet Office’s FED (Fraud Error and Debt Initiative). Some believe passionately that the lack of a unified central government strategy will drive up fraud significantly in 2013. On the positive side, at least some of the civil servants who have been involved in the NFA since the beginning are starting to gain real experience of the sector and an appreciation of the enormous challenges they face. The DWP is also tendering to get some real-world fraud strategy skills into their midst too, which should prove invaluable given the changes due with the Universal Credit. 
  7. The USA is increasingly ready for a policy U-turn on the adoption of signature as the CVM of choice. The US market will find it increasingly difficult to evolve in a global payment systems world without the protections offered either by PINs – or a ‘next generation’ solution. As the rest of the world is moving (or largely has moved) in this direction already, 2013 could see this U-turn as fraud increasingly migrates to the US. 
  8. Major insurers will continue to develop a strong and very credible fraud prevention solution based around the ‘front end’ (underwriting stage of business) The emphasis on delivering a strong industry wide data-sharing drive will also continue to increase; although a whole re-think of the industry fraud register will be needed to address Data Protection Act requirements. 
  9. There will be a major shift in the presence, position and fraud service offerings of one or more of the major data-bureaux (such as credit reference agencies), as more solutions either move ‘in-house’ or move to systems developed by a host of new players in various fraud sectors. 
  10. And there will be some surprises as there always are – whether they are policemen ‘on-the-take’, another raft of politicians fiddling their expenses, or further high profile banks brought to their knees by (usually) rogue traders.

“The current economic climate is driving change and there is an evolution in the world of fraud prevention that we have not seen before,” Says Bill Trueman, CEO of UK Fraud. “However, if we are to stay ahead of the fraudster, we have to be able to read these trends and manage both our strategy and the risks accordingly. In highlighting what we see as the trends, we aim to contribute to the debate and raise awareness of the risks. By keeping this debate alive we hope that fraud prevention will shortly gain an even greater emphasis in key seats of power – be that in the boardroom or within key government departments.”

UKFraud is a leading UK based consultancy, with an impressive international track record of eliminating the risk of fraud. Its founder Bill Trueman is widely accepted as one of Europe’s leading fraud experts and a frequent commentator and writer on the issues involved. Trueman has extensive experience of the banking, insurance and the financial services sectors and is a thought leader at the forefront of many industry wide and international debates.

In 2013 Cyber Conflicts become the norm: Symantec predicts

Symantec released its 5 most important security threat expectations of the  year 2013. Symantec claims that these predictions are based on their expertise, “understanding of threat evolution” as well as “experience in previous cybersecurity trends”.  Symantec Corporation is an American global computer security software corporation headquartered in Mountain View, California.

The threat expectations for 2013 and beyond go like this – 

Cyber conflict becomes the norm among nations, organizations, and individuals. Espionage can be successful and easily deniable. Nation States, organizations and groups of individuals use cyber tactics to gain advantage over their opponents. The conflict is moving more and more on cyber assets from physical.




 
Ransomware is the new scareware: With online payment methods becoming omnipotent and omnipresent, criminals find it easy to extract money at anytime from anywhere!! Get ready for more professional ransom screens and methods. FBI keeps cautioning the users as more cases are already being reported.According to Kevin Haley, Director of Security Response at Symantec, during 2013, there’ll be increasing utilization of commercial ransom screens, exploitation of targets’ sentiments, along with utilization of techniques, which will make recovery more difficult following system compromise.


Madware adds to the insanity: Mobile adware or “madware” is a nuisance that disrupts the user experience and can potentially expose location details, contact information and device identifiers to cybercriminals.The past experience sees rapid growth in this menace, an increase of 210% in 9 months in 2012!! Free mobile apps are going to contribute more aggressive and potentially malicious approach.


Monetization of social networks introduces new dangers – the growing social spending trend also provides cybercriminals with new ways to lay the groundwork for attack. Symantec anticipates an increase in malware attacks that steal payment credentials in social networks and trick users into providing payment details, and other personal and potentially valuable information, to fake social networks.


As users shift to mobile and cloud, so will attackers – Symantec claims that mobile platforms and cloud services will be likely targets for attacks and breaches in 2013. The rapid rise of Android malware in 2012 confirms this. It is predicted that in 2013, mobile technology will continue to advance and thereby create new opportunities for cybercriminals.

 

Wrong use of devices in corporate networks that utilize clouds will witness growing danger of personalized assaults and breaches into the devices’ data, the security firm explains.

The threats could be more alrming to India. Identity fraud is turning out be as a major concern in India with the growing number of Internet, social media and internet users through mobile phone devices.

A recent Symantec report stated, of the total 137 million Internet users in India, 42 million have fallen prey to the cyber fraud in one way or the other. The financial loss per cyber crime victim is around Rs 10,000 for 2012, as per Semantec.

While this list is more on expected lines considering the cyber crime trends being witnessed in the recent past. The key to the threat management lies in end-user education in protecting the online privacy, a more disciplined online behaviour and much better understanding of their smart phone.

In a lighter vein: 

On January 17, 2012, Symantec admitted to their network getting hacked. A hacker known as “Yama Tough” obtained Symantec’s source code by hacking an Indian Government server. Yama Tough has released parts of the source code, and has threatened to release more.