Security risk management: ISF identifies the top 6 security risks for 2014

What are the top 6 security threats that will threaten business and enterprise in 2014? Well, according to the Information Security Forum (ISF), the world’s leading independent authority on cyber security and information risk management, the key threats are bring your own device (BYOD) trends in the workplace, data privacy in the cloud, brand reputational damage, privacy and regulation, cybercrime and the continued expansion of ubiquitous technology, otherwise known as the Internet of Things. Whilst no one would argue that there are also other security threats looming on the horizon, these 6 key areas are critical, particularly when combined to create even greater threat profiles.

BYO Trends in the Workplace

ISF believes the growing trend of employees bringing mobile devices in the workplace grows, will put information security at risk and make exploitation easier. It argues that these risks stem from both internal and external threats including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications. It believes the risks posed by BYOD are only acceptable if businesses have a clearly-defined and well-structured BYOD strategy in place which is adequately and professionally administered. Poorly implemented personal device strategies in the workplace will inevitably lead to a blurring of boundaries between work and personal data and more business information being held in unprotected manner on consumer devices.

Data Privacy in the Cloud

Whilst cloud computing services may be more cost-effective, there are inevitably security implications. Any organisation that moves sensitive data to the cloud must ensure that any personally identifiable information they are holding about an individual is adequately protected. Different countries have different regulations regarding personally identifiable information: some impose strict cross-border migration rules, others do not. ISF therefore advises businesses are therefore advised to work closely with cloud providers to ensure that all information is secure and fully-protected.

Reputational Damage

Cyber-attacks don’t just cause financial damage: they can also cause significant reputational damage. This loss of reputation can be devastating. Cyber-attacks are now more organised and sophisticated, and their speed and complexity has changed the threat landscape. ISF believes it is up to organisations to take every available precaution to protect themselves and their reputations from vulnerabilities. If companies do not have the necessary expertise to guarantee security, then they should bring in specialised security strategists.

Privacy and Regulation

Most governments have already created, or are in the process of creating, regulations that impose conditions on the safeguarding and use of Personally Identifiable Information (PII), with penalties for organisations who fail to take the necessary measures protect it. ISF argues that businesses will now need to treat privacy as both a compliance and business risk issue, if they wish to reduce regulatory sanctions and commercial impacts like reputational damage and loss of customers due to privacy breaches. The European Union is also considering bringing in further regulations around the collection, storage and use of information, along with severe penalties for loss of data and breach notification. Therefore it is vital for organisations to ensure that they have adequate security risk management procedures in place and are fully compliant with ISO 27001 standards.


Cyberspace is the new hunting ground for criminals, activists and terrorists looking for money, notoriety, or wishing to cause disruption or even bring down corporations and governments through online attacks. ISF believes that organisations must be prepared for the unpredictable so they have the security resilience to withstand unforeseen, high impact events.

The Internet of Things

ISF believes that as increased interest in setting security standards for the Internet of Things (IoT) escalates, companies have a duty to continue to build security through communication and interoperability. The security threats of the IoT are broad and potentially devastating, so organisations must ensure that technology for both consumers and companies adhere to high standards of safety and security.

Speaking at the launch of the report, ISF’s Global Vice President, Steve Durbin, told Security InfoWatch:

“As we move into 2014, attacks will continue to become more innovative and sophisticated. Unfortunately, while organisations are developing new security mechanisms, cybercriminals are cultivating new techniques to circumvent them. Businesses of all sizes must prepare for the unknown so they have the flexibility to withstand unexpected, high impact security events.”

“You can’t avoid every serious incident, and while many businesses are good at incident management, few have a mature, structured approach for analysing what went wrong. As a result, they are incurring unnecessary costs and accepting inappropriate risks. By adopting a realistic, broad-based, collaborative approach to cyber security and resilience, government departments, regulators, senior business managers and information security professionals will be better able to understand the true nature of cyber threats and respond quickly, and appropriately.”

If your business needs help with security reviews, penetration testing or network security solutions, please contact Krypsys on 01273 044072 or [email protected].