Get Real with Information Security
In 2012, the writers of malware and the attackers of networks were very busy, using both social engineering and increased technical sophistication to fuel an increased number of attacks.
Not incidentally, mobile devices just flew off the shelves this year, with predictions that over 122 million tablets and some 717 million smartphones will have been sold when the tally for 2012 is complete.
Quite a few of those devices were connected to corporate networks, and even more will be connected next year. Cloud computing is real. Bring Your Own Device (BYOD) is real. Businesses are trying to do more with less, and employees desire (and are often required) to access the corporate network from more places than ever before.
Because small and medium businesses (SMBs) are leading the charge in public cloud adoption and BYOD adoption, they are opening themselves up to increased risks from attackers. Additionally, SMBs are seen as the organizations least likely to have the tools or people to notice a breach, much less prevent one, so the attacks will be fast and furious.
No, the answer is *not* getting rid of mobile, or staying out of the cloud (or, for that matter, off the internet). The answer involves not pretending that these risks don’t exist. SMBs are going to need to be ready to build a real security architecture that is very much interwoven with their business operations. They’re going to have to be willing to bring smart, motivated, information-security-focused people on board, even if – especially if – they decide to go with managed security services.
I expect that many SMBs will wait too long to embrace security as they should, and they will pay the price in 2013. The attacks are growing, so it is inevitable, and smaller businesses do not have the luxury of having enough funds or a large enough client base to survive a major breach to their operations as larger organizations can.
Expect to see the new year start off with a bang, as attackers up the ante in the fight against SMBs. Hopefully, many organizations will choose 2013 as the year in which to learn the lesson of increased information security and risk management. It’s way beyond the cost of doing business: It’s now the cost of ensuring that you can continue to do business…
Have a safe and blessed 2013, and make sure you’re taking security seriously – not just at those moments when a breach is making the news…