The biggest risk to organisations is from known threats, according to Threat Horizon 2015. It’s the latest in a series of reports from the Information Security Forum (ISF), an information security body. According to the ISF, understanding known threats is fundamental to enterprise risk management and these threats need to be evaluated in the context of the organisation to determine risk.
Steve Durbin, Global Vice President, ISF, said: โThreats such as hacktivism and malware have been around for some time, but it doesnโt mean that they are less dangerous and that we can relax โ quite the opposite. Older threats, because theyโve matured, are more dangerous and pose more risk. Known threats remain dangerous and will pose greater risk to our organisations moving forward as their sophistication multiplies and they become even more effective at compromising our information security.โ
Threat Horizon 2015 is part of the annual series of ISF Threat Horizon reports that seek to offer a way for ISF members to take a forward-looking view. This in turn enables a better prepared, strategic approach to managing and mitigating risk. While many of the threats addressed in this yearโs report have been around for some time, the ISF believes that this should not be reassuring. Whether the threats we face are old or new is less important than the risk they pose.
Durbin added: โResearch for this yearโs report found a number of familiar offenders such as organised cybercrime, social engineering, mobile devices, social networking, cloud computing and malicious software. Whatโs new this year is the increasing sophistication of these known threats as they mature. While some threats diminish with time, others have become even more dangerous.โ
Threat Horizon 2015 focuses on the following themes:
โขCyber risk is challenging to understand and address, from CEOs that simply donโt get it to organisations struggling to find the right people
โขReputation is a new target for cyber-attacks, from insider activists who leak information, and hacktivist collectives who vote on who they dislike this week
โขCriminals value your information, theyโre highly motivated to obtain it, or to use what leaks out of your organisation
โขThe changing pace of technology doesnโt help; bring your own cloud (BYOC) and bring your own device (BYOD) also bring their own risks
โขThe role of governments must not be misunderstood: while they have a key role to play, they wonโt lead cyber security efforts โ they expect organisations to manage risks in cyberspace and prevent information and systems from being compromised
The Threat Horizon series of reports are aimed at senior business executives, up to and including board level, to help them understand the cyber threats that could have an impact on their organisations.
Information Security Forum (ISF)
Founded in 1989, the Information Security Forum (ISF) is a not-for-profit association. The ISF provides a forum.bFurther information about ISF research and membership is available from www.securityforum.org.
