In 2011, corporate information emerged as the most coveted asset in the cybercrime war, the vast amount of digital information in the world grew even more rapidly, and the surge in mobile devices in the workplace added another layer of complexity for IT executives.
So what's next? I sat down with Francis deSouza, Symantec's Group President of Enterprise Products and Services, to get a sense of the challenges CIOs will face in their quest to keep their information secure and accessible in 2012. Following is a recap of our discussion including a few key predictions to consider as you plan for the year ahead:
Question 1: Francis, you spend a lot of time with our customers. What challenges do they face in the year ahead?
Francis deSouza: As we enter 2012, there are a number of IT trends – social, local and mobile (SoLoMo), virtualization, public and private clouds – that are both exciting and challenging for companies. One of the most significant is the extreme amount of information that organizations need to protect and manage. Analysts estimate that 1.8 zettabytes of data were created in 2011. To put this number in perspective, that's the equivalent of 200 billion 2-hour HD movies! And that number is expected to double every 2 years. Now, IT budgets are not growing at the same rate. In fact, many CIOs are facing shrinking budgets. So they are focused on finding ways to reduce the cost and complexity associated with managing this “big data.”
Question 2: It seems like information is a bit of a double-edged sword for companies these days.
FDS: That's exactly right. This vast amount of information allows organizations to transform how they serve their customers and increase productivity. However, the same information that helps companies improve the way they prescribe medication, set their sales strategies or more effectively price their products can also become a major liability if it is not properly managed.
Question 3: Speaking of proper information management, we recently commissioned a survey that found nearly half of organizations have no information retention plan. Do you see that changing in 2012?
FDS: I do. I think companies are realizing that, while simply storing every byte of data may seem like a simple strategy, it also presents disadvantages beyond rising storage costs. Keeping unnecessary information increases an organization's risk of litigation. A retention plan is critical. Holding on to information that you don't need can be as dangerous as deleting information that you need to keep.
Question 4: On the security side, what do you predict for 2012?
FDS: Targeted attacks will continue to be a serious issue for businesses in 2012. I think we'll see an increasing number of targeted attacks driven at least in part by competitive advantage, as companies exploit digital espionage to acquire proprietary data from their competitors. For example, imagine an organization preparing to invest billions of dollars in a new chemical manufacturing facility using a targeted attack against its competitors to gather intelligence. This information will help to ensure they build a facility that outclasses their competitors.
Question 5: I saw your recent blog post on our Malicious Insider report. What can companies do to ensure their own employees aren't compromising their intellectual property in 2012?
FDS: In my experience, organizations tend to focus their attention on shoring up their defenses against all manner of outside attacks, but they don't focus enough on the threat from the inside. Fifty-two percent of malicious insider attacks are aimed at stealing trade secrets, and the theft of such information costs U.S. businesses more than $250 billion per year. Stopping the malicious insider is certainly complex. While it’s a great first step to put policies and procedures in place to prevent malicious insiders from stealing intellectual property, it’s also crucial for them to form coordinated, cross-functional teams to enforce these policies.
Question 6: You can't read a story about what to expect in 2012 without talking about mobile devices. How are CISOs dealing with the influx of smart devices in the workplace?
FDS: Mobility is clearly changing the game for businesses today. IDC is predicting that mobile devices will surpass PCs in both shipments and spending in 2012 and a recent survey revealed that 91 percent of all U.S. citizens have their mobile device within reach 24/7. The explosion in use of smart mobile devices has certainly captured the attention of cybercriminals. It is easy to understand why the CIOs I talk to are concerned with employees bringing their own mobile devices into their corporate infrastructures. They know that tablets and smart phones increase employee productivity, but at the same time, rapid adoption of tablets can leave organizations vulnerable to data loss from insiders, both malicious and well meaning. The concern has become insiders that fly under the radar of IT to access and send sensitive data, and in the case of the malicious insider, steal highly confidential intellectual property.
Question 7: Final question. Will there be another Stuxnet in 2012?
FDS: It is quite likely that the foundation for the next Stuxnet-like attack has been laid. The attackers behind Duqu were looking for information such as design documents that could help them mount a future attack on an industrial control facility, making it essentially a precursor to a future Stuxnet. At this point in time, there is no reason to assume the attackers behind Duqu were unable to gather the intelligence they were looking for. In addition, it is likely other similar reconnaissance-type threats exist and have simply not yet been discovered.
For additional information on ongoing trends in security, information management and cloud computing, please see the additional resources below: