Trends in Cybersecurity: A Forecast for 2013

Getting Integrated: This is the year when we’ll finally get serious about viewing cybersecurity from an integrated perspective. By integrated, I mean moving away from simply protecting individual desktops and databases, and instead protecting the entire enterprise. That includes not only those desktops and databases, but also mobile devices, industrial-control systems, manufacturing supply chains and critical IT infrastructures (including the cloud). Basically, anywhere we do computing — whether in our pockets or from the farthest-flung corner of the enterprise — needs cybersecurity services. This year we’ll also start to integrate those disparate systems under a single, integrated cybersecurity program architecture.

Control Systems, as well: 2013 will also be the year when people accept the need to get serious about safeguarding the cybersecurity of not just information, but also the systems that rely on that information for control and management. Consider, for example, the control systems of a power plant or hospital. These systems are increasingly vulnerable, and we need to commit ourselves to safeguarding them.

Different Strokes: We’ll become more aware this year of the two differing, even competing, visions of cybersecurity. In much of the West, cybersecurity means protecting the privacy and security of confidential information. But elsewhere, another approach is emerging. It says cybersecurity is mainly a way to keep governments secure and regimes stable. Call it cybersecurity as an exercise of sovereign power. What’s more, these two conflicting approaches to cybersecurity can (and must?) coexist.

Going Mobile: Bring your own device (BYOD) is here to stay, and as a result, the world of enterprise cybersecurity will get more interesting in 2013. Employees have shown they’re willing to spend their own money to buy the devices they want. Now enterprises will need to spend some of their money, too, ensuring that these devices — and the applications and databases they can access — are secure. But employees will have to share some of the cyberresponsibility, too. This could mean operating in a virtual mode, which, in turn, may require extensive training.

And here’s what I hope to see in the new year:

Double-Barreled: 2013 should be the year when organizations start to offer cybersecurity from not one, but two perspectives: architecture and management. By architecture, I mean taking an integrated view of enterprise-wide security. That’s particularly important as more and more things move to the cloud and virtualized setups. And by management, I mean taking a top-down approach to cybersecurity. Too many organizations try to secure systems from the bottom up. They’ll ask, “How do I secure this database ... laptop ... smartphone?” Instead, they should be asking whether they possess the two ingredients vital to security: first, the resources to secure all their systems, and second, the expertise — whether internal or external via a consultant — to manage their total cybersecurity requirements.

Invest in Security: I hope this will be the year when we make a far more powerful and enduring investment in the science, technology, development and engineering behind cybersecurity technologies. It’s time to reinvigorate our academic base, research base, science base and technology base. We also need to build integrated information architectures that safeguard systems all the way from your pocket device to the cloud, plus everything in between.

Big Data, Big Threats: In all the excitement over the potential of data mining, we mustn’t forget to secure and protect all that data. Sure, big data lets us unlock value — but only to the extent that we have confidence in our data’s security. If we don’t know where the data comes from, don’t know whether it’s secure, and don’t know whether it’s been tampered with, then we can’t use it for decision making. The silver lining: This is an area where cybersecurity provides an enormous opportunity to add value.

Here’s wishing you a happy and cybersecure new year!

Sam Visner is VP and general manager of cybersecurity at CSC.