2013’s top security threats

It’s the end of the year, and time for the lists. We recounted SC Magazine’s top security breaches of the year (and what we haven’t learned from them); now it’s time for the top security threats of the year, according to CSO Magazine. There’s a big distinction – while the former deals with what happened, the latter’s considered with how it happened.

CSO interviewed a number of security pros about what keeps them up at night, and much of it seems to be evolutionary, rather than brand-new threats.

For example, phishing attacks have become more sophisticated. Once riddled with typos, grammatical errors and other dead giveaways, says John South, CSO at Heartland Payment Systems, which has had its share of high-profile security breaches.

And distributed denial-of-service attacks have become much more powerful’ while a 2012 DDoS attack might have slammed Web site with 3 or 4 Gbps attacks, new attacks have bursts of 100Gbps, making security schema designed around the smaller volume vulnerability, South says.

While many companies are focusing on protecting their systems from attackers outside the perimeter, the insider threat remains one of the most potent, according to Michael Cox of SoCal Privacy Consultants. Since they have trusted access to the most valuable information, their breaches can be the most damaging. And it’s often not even malicious; inadequate awareness and training programs are often the root, Cox said.

There are two other issues related to the insider-access problem. Third-party contractors aren’t always vetted and monitored adequately, and former employees often don’t have their access completely severed properly when they leave the company, according to Timothy Ryan of Kroll Advisory Solutions.

Vulnerabilities in applications themselves continue to be an issue, said South. And application vulnerabilities will only become more challenging with the BYOD (bring your own device), mobility and remote access schools in ascendancy. Pushing an application beyond the firewall and onto a device of insecure provenance exacerbates the problem, while bringing employee-owned devices inside the perimeter compromises it.

You can read more on CSO Magazine’s Web site.



Dave Webb
Dave Webb
Dave Webb is a freelance editor and writer. A veteran journalist of more than 20 years' experience (15 of them in technology), he has held senior editorial positions with a number of technology publications. He was honoured with an Andersen Consulting Award for Excellence in Business Journalism in 2000, and several Canadian Online Publishing Awards as part of the ComputerWorld Canada team.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web