***Editor's Note: Tune in this Wednesday to ebizQ's Threatscape
2008 for an in-depth look at the next wave of attacks being planned
by hackers. Sign up right
Let's face it, though the Internet has made it easier to get information and
services, it can be a dangerous place to compute. Every day, cyber criminals
are unleashing malware, worms and spam, hoping to pry loose critical information
for monetary gain.
Last year was plagued by several costly international security incidents, with
hacker hotbeds in China, Russia, the U.S. and the U.K. The research firm Ponemon
Institute reported that the average cost per security incident was $6.3 million
in 2007, up from an average per-incident cost of $4.8 million in 2006 --
and that figure covers the U.S. alone.
These numbers show that CISOs must put more effort into securing their
enterprises in 2008, so that the cost per incident does not climb yet again.
Now that we have a few weeks of the New Year under our belts, here are the trends
I see persisting and the areas CISOs should pay the most attention to in 2008.
SOX, HIPAA, PCI-DSS and HSPD-12. This alphabet soup of compliance mandates
is a major pain point for enterprises. In the past few years, increasingly strict
deadlines for compliance laws around the world have forced companies to reevaluate
their security practices and take concrete steps toward improvement. Businesses are
already using technology that records who accessed what on their systems, and that
detects and resolves security problems. It is a good start, but there is still much
more that needs to be done.
In 2008, businesses can expect governments to become even more involved
in compliance and security standards. CISOs must therefore be able to demonstrate
that they are meeting mandated requirements. Specifically, CISOs will be asking,
"How can I prove to auditors that I am compliant, and how can I simplify
the process?" This is the underlying theme of all compliance efforts,
and the number of fines will rise if businesses do not find the answer.
As such, technology that can automate the monitoring and validation of network
activity against compliance requirements will be incredibly important.