3/28/2012
07:27 PM
Dark Reading
Products and Releases

Information Security Forum Launches Threat Horizon 2014

Report challenges the traditional approach to managing security risks

NEW YORK – March 28, 2012 – The range and complexity of information security threats is set to rise significantly over the next two years and organizations that fail to prepare now will struggle to handle the challenges later. This forecast is according to Threat Horizon 2014: Managing Risks When Threats Collide, the latest in a series of Threat Horizon reports from the Information Security Forum (ISF), a global, independent information security body considered the world's leading authority on cyber security and information risk management.

The report challenges the traditional approach to managing security risks, which has typically fallen to the information security function, and recommends that organizations take a much more strategic and business-based approach to risk management. To take advantage of both technology and cyberspace, organizations must manage new risks beyond those traditionally covered by the information security function, including attacks on reputation and all manner of technology.

“While individual threats will continue to pose a risk, there is even more danger when they combine, such as when organized criminals adopt techniques developed by online activists,” said Steve Durbin, Global Vice President, ISF. “Traditional risk management is insufficiently agile to deal with the potential impacts from activity in cyberspace. While executives recognize the benefits and opportunities cyberspace offers, their organizations must extend risk management to become more resilient, based on a foundation of preparedness. We are advising our members that this is the year of resilience and to be prepared to move at the speed of a Tweet!”

Threat Horizon 2014 provides a practical place for organizations to start by providing a forward-looking view of the increasing threats in today’s interconnected, always-on world. This in turn enables a better prepared, strategic approach to managing and mitigating security risks.

The report identifies three main drivers and provides organizations with practical guidance on how to deal with increasingly complex threats including:

· External threats that come from the increasing sophistication of cybercrime, state-sponsored espionage, activism moving online, and attacks on systems that have a physical impact in the real world, for example industrial control systems

· Regulatory threats that come as regulators call for greater transparency about incidents and security preparedness, while increasing requirements for data privacy

· Internal threats that come as technology introduces new benefits at a relentless pace and the business adopts them without fully understanding the risks.

The report also highlights 10 predictions under each of the three threat groups, along with the potential business impacts, and provides recommended actions at the end of each one:

External Threats

· Cyber criminality increases as Malspace matures

· The cyber arms race leads to a cyber cold war

· More causes come online; activists get more active

· Cyberspace gets physical

Regulatory Threats

· New requirements shine a light in dark corners exposing weaknesses

· A focus on privacy distracts from other security efforts

Internal Threats

· Cost pressures stifle critical investment

· A clouded understanding leads to an outsourced mess

· New technologies overwhelm

· The supply chain springs a leak as the insider threat comes from outside

ISF’s Durbin adds: “From cyber to insider, organizations have varying degrees of control over evolving security threats. With the speed and complexity of the threat landscape changing on an almost daily basis, we are seeing businesses being left behind, sometimes in the wake of reputational and financial damage – they need to take stock now to ensure they are fully prepared and engaged.”

Threat Horizon 2014

The ISF Threat Horizon series of reports is aimed at both senior business audiences and information security professionals. These annual reports are designed to help organizations take a proactive stance to security risks by highlighting challenges in the threat landscape and identifying how the confidentiality, integrity and availability of information may be compromised in the future.

Threat Horizon 2014 contains detailed predictions along with trends and other factors that can increase or decrease the probability of the predictions coming true. An executive summary of the report is available from ISF’s website www.securityforum.org. The full report will be available to non-Members for purchase from the ISF’s online store beginning on May 1 and can be pre-ordered now at: https://store.securityforum.org/shop/.

Information Security Forum (ISF)

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organisations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organisations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.
