Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Top 5 Security Predictions for 2014

December 20, 2013

  • Blog
  • Archive

2013 will be remembered as a somewhat turbulent year for cyber and data security. Amongst the numerous high profile data breaches, involving such companies as The New York Times, Adobe and Facebook, was of course Edward Snowden and the NSA scandal, which effectively changed the game in terms of the 'insider threat'.

However, promising to be just as significant a year for security, we look at the top 5 challenges affecting organizations in 2014.

1. A mad dash to migrate to Windows 7

The imminent expiration of Windows XP in April 2014 will see a raft of businesses starting or completing their migrations in the early part of 2014, bringing with it new risks to businesses that don’t take proper precaution in rolling out their new operating system. Once Microsoft halts support of XP, companies running the OS will not only be faced with huge custom support costs, but will also expand their attack vector, becoming potential targets for new malware and vulnerabilities targeting unpatched systems.

What’s more, a number of vendors will stop supporting XP after April, further increasing organizations’ risks of downtime and increasing the TCO of XP as uplifted support contracts come into force. That is why I predict most enterprises will be rushing to adopt Windows 7 in the first half of next year, if they haven’t already done so. Conversely, I believe that only a small percentage of organizations will upgrade to Windows 8 in 2014.

Looking beyond next year, organizations will eventually replace a proportion of their laptop estate with Windows 8 tablets, ultra books and hybrid devices to eventually drive greater Windows 8 adoption.

2. Post-PRISM, user privileges will become a higher priority

Data security breaches were high profile in 2013, from the NSA’s notorious infringement, to the Adobe security breach that leaked information from 38 million users. The fact is, corporate data is vulnerable now more than ever, which I predict will cause more organizations to adopt defense-in-depth security strategies to protect their valuable assets and mitigate reputation risk. In particular, organizations that previously thought it was acceptable to grant administrator privileges to all users and systems administrators will think again.

According to a recent survey of IT decision makers, the NSA breach has already caused 52 percent of IT security professionals to reconsider their approach to user and systems administrator privileges - they now just need to prioritize taking action. If the Snowden affair was any indication of where pain-points lie, organizations should take all necessary steps to control excess privileges in order to defend against threats on the inside, whether deliberate or accidental.

3. A new era of CYOD

Despite BYOD’s hype, its security risks cannot be ignored. According to many of the organizations I talk to, they still don’t have a BYOD policy in place. But in this always-on world, organizations still want to reap the flexibility and productivity benefits provided by mobile devices. That is why I predict organizations will move away from struggling to integrate a BYOD environment, instead implementing a Choose-Your-Own-Device (CYOD) policy, which enables organizations to own the devices and therefore take responsibility for securing and managing them, as well as setting them up on the corporate network.

Windows 8 will go some way in helping organizations provide a tablet experience without compromising on security, as Windows 8 Pro devices provide enterprises with the same level of control as the traditional form factors. In addition, technologies such as Windows 8 To Go will also help in this area. As organizations start to support Windows 8 devices, they will need privilege management policies in place to enable the benefits of touch-screen tablets without compromising on security or losing control of corporate IT governance.

4. More commoditization of antivirus

If this year’s security threats taught us anything about endpoint protection, it’s that antivirus just isn’t enough on its own. Organizations are too reliant on first-generation security solutions when dealing with the next-generation threats of today. Too many attacks were able to successfully penetrate antivirus software’s security defenses and it makes sense; while antivirus can prevent certain types of external attack, it cannot block malware that has already found its way onto corporate endpoints.

As more organizations learn that antivirus on its own can’t be relied on for comprehensive protection, I predict that they will turn to multiple next-gen technologies to defend against tomorrow’s advanced attacks, like Advanced Persistent Threats (APTs) and other honey-pot style techniques like DNS poisoning and drive-by-downloads.

Layered security strategies such as patching, application allow listing and privilege management will be used to complement antivirus to protect the spread of malware. I predict that the antivirus industry will continue to commoditize to meet customer expectations, with more antivirus companies moving towards giving the software away free of charge.

5. Gen Y Revolts, Bringing Increased Risk

Organizations today are struggling to balance security with user flexibility and empowerment. Though they want to use IT as a business enabler, the weight of current endpoint security systems is often limiting employee productivity. If organizations don’t learn how to strike this elusive balance, I predict that savvy “Gen Y Techies” will circumvent the burdensome security policies in place, finding their own ways to access the documents, files and tasks they need and therefore potentially introducing the organization to new attack vectors.

Recent research even shows that 80% of Gen Y employees admit to not obeying IT policies. Many organizations will take the easy road out and let employees dictate the security agenda, opting for convenience over security and gradually softening security policies and reintroducing local admin access. This should not be allowed to happen.

In fact, according to Gartner, by year-end 2014, 70% of large enterprises will permit access to external social media sites, compared with 50% in 2010, which will open up a whole new attack vector. There are many solutions that mitigate risk without suffocating employees at the endpoint and organizations that put these into place with grant their users the flexibility they demand without needing to compromise on security.

Andrew Avanessian,

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts

Rising CISOs: Ransomware, Cyber Extortion, Cloud Compromise, oh my!

Whitepapers

A Zero Trust Approach to Windows & Mac Endpoint Security

Whitepapers

Mapping BeyondTrust Solutions to the Qatar National Information Assurance Policy v2.0

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.