New research by Ponemon Institute shows some worrying (but unsurprising) security trends that will continue into 2009 and beyond. The survey demonstrates how some of these trends will potentially become worse, and how we should be updating our organisations integrated defense plans to ensure we are not the next victim.

Ponemon consulted with 577 IT security practitioners to consider how 10 Security trends affect organisations today; and to predict their impact during the next 12 to 24 months.

This survey demonstrates some of the more helpful tips for organisations that are struggling to understand how they should allocate resources and budgets in 2009, the top ten security trends include:

1. Cloud computing
2. Virtualization
3. Mobility
4. Mobile Devices
5. Outsourcing to third parties
6. Cyber crime (in the UK rose by more than 9%)
7. Data breaches
8. Identity Theft
9. Peer-to-peer file sharing
10. Web 2.0


The study examined the risks posed by the top ten security trends that exist today and how the risks will change over the next 12 to 24 months. According to an overwhelming 77 percent of individuals responding to the survey, cyber crime will become a high or very high risk over the next 12 to 24 months. The selection of cyber crime as the most significant trend most likely to be a high, or very high risk in the next 12 to 24 months can be partly based on the fact that 92 percent of respondents in the study, reported that their organisations have had a cyber attack. The biggest security risk associated with cyber crime is that such an attack will cause significant business interruption (make sure your business continuity plans are tested), followed by the theft of customer and employee data.

Other mega trends becoming more risky are cloud computing, malware, web 2.0 and mobile devices. In the case of cloud computing, it is the inability to assess or verify the security of data centers in the cloud and protect sensitive and confidential information. IT security practitioners see the risk of malware and Web 2.0 as resulting in the loss of sensitive or confidential business information including trade secrets.

It is interesting to note that the study respondents perceive the risk of a mobile workforce as decreasing, but mobile devices remaining a high or very high risk for many oeganisations. According to respondents, the most risky mobile device is the laptop computer and the number one concern is the inability to properly identify and authenticate remote users.

Data Breaches and Outsourcing Risks

Data breaches and outsourcing are forecast to remain at the same level of risk. IT security practitioners continue to worry about data breaches, because according to the Ponemon study only 16 percent are very confident or confident that current security practices are able to prevent customer and employee data from being lost or stolen. Therefore, it is understandable why the majority of respondents in IT security believe data breaches will continue to pose a high and very high security threat to their organisations.

Because IT security professionals don't see the outsourcing of sensitive and confidential information to third parties as decreasing, it will remain a serious risk to an organisation's information assets. The concern expressed by IT security practitioners in the study is about the difficulty in protecting sensitive or confidential information when unauthorized parties might be able to access private files.

Certain Risks Are Considered more Manageable

Becoming less of a concern are risks associated with a mobile work force, virtualization and P2P file sharing. Although it seems that the mobile work force will pose less of a risk, respondents believe the most significant security threat is the inability to properly identify and authenticate remote users. With respect to P2P, it is the concern that inadvertent transfers and disclosures of documents that reside on an organisations computers and laptops will occur. The most significant risk associated with virtualization technology is the inability to properly identify and authenticate users to multiple systems and third party access to private files without authorisation.

Organisations are faced with a plethora of security threats to their confidential and sensitive data assets. Forecasting the areas that pose the highest risk will help organisations create an IT security strategy that is as cost effective as possible in times of tightening budgets.

Dr. Larry Ponemon is the chairman and founder of The Ponemon Institute . For a copy of the 2009 Security Mega Trends Survey report, please contact email Larry at: research@ponemon.org. or visit his website www.ponemon.org

Debate is under way in Massachusetts regarding a tough new data protection law designed to prevent security breaches and identity theft. Specifically, discussion is centered around whether the new law is too tough, just right or too little, too late.
Some security experts say Massachusetts' new data protection law (Mass. 201 CMR 17) is among the toughest they've seen, what's your opinion?

The security industry is set to grow by a further 16% in 2009, despite the economic downturn, what's your thoughts?

Good news, VISA are globally aligning PCI DSS compliance requirements for Service Providers and requiring a validation deadline for Level 1 merchants by September 30, 2010. This appears to be set in stone, but we all know in reality the industry might once again push back, what's your thoughts?

Welcome to understanding Information security a website maintained by info sec advisor Steve Wright. Watch this space for more information and developments.