5 information security trends that will dominate 2015

Cybercriminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2015, information security professionals must understand these five trends.

1 2 3 4 5 Page 3
Page 3 of 5

3. Threats From Third-Party Providers

third party threats Thinkstock

Supply chains are a vital component of every organization's global business operations and the backbone of today's global economy. However, Durbin says, security chiefs everywhere are growing more concerned about how open they are to numerous risk factors. A range of valuable and sensitive information is often shared with suppliers, and when that information is shared, direct control is lost. This leads to an increased risk of its confidentiality, integrity or availability being compromised.

Even seemingly innocuous connections can be vectors for attack. The attackers who cracked Target exploited a web services application that the company's HVAC vendor used to submit invoices.

"Over the next year, third-party providers will continue to come under pressure from targeted attacks and are unlikely to be able to provide assurance of data confidentiality, integrity and/or availability," Durbin says. "Organizations of all sizes need to think about the consequences of a supplier providing accidental, but harmful, access to their intellectual property, customer or employee information, commercial plans or negotiations. And this thinking should not be confined to manufacturing or distribution partners. It should also embrace your professional services suppliers, your lawyers and accountants, all of whom share access oftentimes to your most valuable data assets."

Durbin adds that infosec specialists should work closely with those in charge of contracting for services to conduct thorough due diligence on potential arrangements.

"It is imperative that organizations have robust business continuity plans in place to boost both resilience and senior management's confidence in the functions' abilities," he says. "A well-structured supply chain information risk assessment approach can provide a detailed, step by step approach to portion an otherwise daunting project into manageable components. This method should be information-driven, and not supplier-centric, so it is scalable and repeatable across the enterprise."

Related:
1 2 3 4 5 Page 3
Page 3 of 5
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon