lack of attention to security by social media players cause for concern, gartner _ tech channel mea
TRANSCRIPT
11/22/2015 Lack of attention to security by social media players cause for concern, Gartner | Tech Channel MEA
http://techchannelmea.com/researchandsurveys/lackattentionsecuritysocialmediaplayerscauseconcerngartner 1/7
TCM Search Search
Lack of attention to security by social media players cause forconcern, Gartner
Source: Arun Shankar
Publish date: 17 Nov 2015 Print Email
Related ArticlesGCC external storage market suffersYoY decline of 16.11% in Q2 2015
MENA information security spendingto reach $1.1 billion in 2015
GCC hype cycle from Gartnerpresents challenges faced by region
Infrastructure, utility projects driveUAE IT services market growth
Greg Young, Research Vice President at Gartner,presented the top trends in information security that is ofrelevance to the region at a recent briefing session. Thisincluded the importance of the role of social mediacompanies, the increasing attack surface being generatedby IoT devices, tradeoffs between private and publicsector organisations and institutions, the reducing returnsfrom spending on security due to shortage of skills, theexclusion of either China or US in bidding of securityprojects, over reliance of marketing by securitycompanies, drawbacks of using encryption, backdoorand shadow IT being targeted, and zero year more of anissue than zero day.
Greg Young, Research Vice President at Gartner.
Gartner presented the top security concerns for the region at a recent briefingsession.
Home / Research And Surveys
Articles Pictures Videos
Emirates airline, Dnata to enhance businesswith big data analytics
Mubadala, GE finalise deal for joint venture inAl Ain
Mahindra Comviva to extend footprint acrossMENA region
Canon enters partnership with Cerebra MiddleEast
Microsoft, Pacific Controls announce softwareplatform Galaxy 2021
Read more..
Most Recent
The capital required to build thecapability to build the nextgeneration semiconductors is quitesignificant.Michael Dell, Chairman of the Board of Directorsand CEO of Dell
End user customers are seducedinto buying multiple point productsbut then you have an integrationproblem.Anthony Perridge, Security Sales Director, Cisco
While there may be political reasonsto link the Sony hack to a certainstate this is only speculation.Nicolai Solling, Director Technology Services, HelpAG
Conventional smartphones onlyexchange messages and noemotions.Vladislav Martynov, CEO Yota Devices
Read more..
Briefly Spoken
Home Sign In Register
TECHNOLOGY CHANNEL PARTNER PROGRAMMES NEW PRODUCTS EVENTS PEOPLE EXPERT TALK
CONVERGENCE CLOUD SECURITY STORAGE MOBILITY RESEARCH & SURVEYS
11/22/2015 Lack of attention to security by social media players cause for concern, Gartner | Tech Channel MEA
http://techchannelmea.com/researchandsurveys/lackattentionsecuritysocialmediaplayerscauseconcerngartner 2/7
Greg Young presents Gartner's view of security trends
#1 Social media companies more than security companies will determine three year threattrajectory
Since social media companies own so much of the data today, attackers try to bypass companysecurity scans by using social media links. A lot of attacks are coming from social media basedsites. Also social media companies do not want to block a lot of links since that is counter totheir business model. Social media sites have a certain level of security but threat actors arechannelling attacks from them. On social media, it is easy for threat actors to come up with anew identity, but an identity that has been around for a few years and known to be good, that is apowerful thing to get by a lot of security tools. Social media companies have a big andincreasing responsibility that they do not recognise and accept. It is unfortunate that social mediacompanies have to be pressured to do that, but they are the vector today for a lot of distribution,rather than looking for problems with operating systems. Social media companies can have abigger impact on what happens today. More videos
Greg Young presents Gartner's view of security trends
#2 IoT attack surface is expanding exponentially
For threat actors, the Internet of Things IoT is a fantastic opportunity, since there are a lot moreconnected devices than connected PCs, smartphones, and tablets. With everything connectednow, if your neighbour is vulnerable you are vulnerable. And if your neighbour is vulnerablethere are now two adversaries. Threat actors may not use IoT devices directly to stage an attack,but they may use hundreds of IoT devices to launch a denial of service attack from a vulnerablenearby site. With all the connected chips, IoT is a platform to be exploited.
In terms of securing IoT, vendors are saying they are protecting the edge of the IoT network orthey are protecting the IoT devices by hard coding security. Most of the hard coded security weare seeing today is terrible. But securing IoT is no different from what we have today. One placecannot fit everything and a layered approach to IoT security is required. People are makingmistakes with IoT by giving up one aspect and going for the other. Unfortunately for IoT bothare needed and more than that today. Manufacturers of IoT devices are not really interested insecurity, since they believe security can come later or someone else will look after security.Removing the hype, IoT is really just a lot more devices. More videos
11/22/2015 Lack of attention to security by social media players cause for concern, Gartner | Tech Channel MEA
http://techchannelmea.com/researchandsurveys/lackattentionsecuritysocialmediaplayerscauseconcerngartner 3/7
Greg Young presents Gartner's view of security trends
#3 Public and private sector security trade offs
Governments are good at intelligence gathering but really bad at sharing intelligence to stopattacks. It is a difficult cultural change for governments to be able to help even their own citizensor their own companies to do that. Governments want to tell people how to secure things ratherthan help people. They prefer to set up rules rather than technology.
For the private sector there are also difficult decisions for companies to make. By opting fordisclosure of security breaches they have to choose between risking reputation and helping outcompetitors by sharing of information or keeping it secret. They have to choose between theliability of giving up the privacy and information of their customers and putting their customersat risk, versus operational cooperation. There are some really difficult choices that companiesand governments are trying to make. It is a shift that is slow and naturally difficult but it couldchange.
Relatively in Germany there is a great concern for privacy, and the state of Quebec in Canada. Inthe region there is a positive support and enabling of awareness. But around the worldgovernments are too often concerned about control, sometimes too much, and getting data ontheir adversaries, rather than collaboration. That is going to change, since it cannot continue theway it is. It is almost the dark age of government security right now. More videos
Greg Young presents Gartner's view of security trends
#4 Reducing returns from security spending
In the GCC region, because there are so many attacks going on and because of criticalinfrastructure and resource based industries, there is an excellent level of security. However whatyou have is too much spending and a shortage of people. When you have the same number ofpeople having to use more and more tools all the time, they cannot go on with it. So we areseeing a lot of confusion. An estimated 40% of positions for security are unfilled right now, andthis will go up to 50% to 60% in a few years. So we cannot keep giving our carpenters more andmore tools into the tool bag and expect them to do their task, it is actually becoming a problem.Some of the biggest attacks we have seen, people have a lot of tools, but there is just too muchwork for them, so we have a people shortage. Money is not a problem, it is not going to slowdown, and CIOs are going to keep spending to keep their jobs. In the region itself shortage of
11/22/2015 Lack of attention to security by social media players cause for concern, Gartner | Tech Channel MEA
http://techchannelmea.com/researchandsurveys/lackattentionsecuritysocialmediaplayerscauseconcerngartner 4/7
personnel is a real significant issue. While outsourcing is an option but even they arestruggling. More videos
Greg Young presents Gartner's view of security trends
#5 Exclusion of US and China in security projects
By 2020 10% of requests for proposals will exclude either China or US security companies frombidding. While currently there is an informal process to exclude either, it is now becoming into aformal process, due to state sponsored interference in products. This is affecting North America,China, Asia Pacific. Other than Chinese and US there is everybody else but the choices are few.The big message here is there is really a separation in the two markets.
State sponsored attacks are so smart that it is difficult to identify where they are coming from.This can be executed by state actors at a country level, but not by companies. When a companyis targeted by a state that is unfair. State sponsored level of attack capability is so high and soadvanced it is often unfair when it is targeted at a company. States fight states and companiesfight companies. More videos
Greg Young presents Gartner's view of security trends
#6 Bad behaviour by security companies
With the gold rush of attacks and money there has come some bad behaviour by securitycompanies. Some of the security marketing that is going on is irresponsible. Some securitycompanies are spending more on marketing than they are making on revenue. This spending onmarketing has never been seen before, and in some case they are not security companies butmarketing companies. All security companies are competing for a narrow aperture of CIOattention. With security in the news all the time, it can be very confusing. More videos
11/22/2015 Lack of attention to security by social media players cause for concern, Gartner | Tech Channel MEA
http://techchannelmea.com/researchandsurveys/lackattentionsecuritysocialmediaplayerscauseconcerngartner 5/7
Greg Young presents Gartner's view of security trends
#7 Session encryption blinds inspection safeguards
Encryption is increasingly blinding security technology since you cannot see through encryption.Instead of making us more secure, encryption is making us less secure, since you need to lookinto it for security inspection. This is now an interesting challenge since encryption itself isbecoming into a problem with SSL vulnerabilities that cannot be monitored. More videos
Greg Young presents Gartner's view of security trends
#8 Securing the back door
Backdoor entry into products and services are built into them to allow governments to makelawful intercepts. But threat actors are aware that products and services have this backdoor entryfor lawful intercept built into them, so they are targeting that because they know everything isthere. More videos
Greg Young presents Gartner's view of security trends
#9 Shadow IT will be targeted
11/22/2015 Lack of attention to security by social media players cause for concern, Gartner | Tech Channel MEA
http://techchannelmea.com/researchandsurveys/lackattentionsecuritysocialmediaplayerscauseconcerngartner 6/7
COMMENTShare your views post your comment below
As business departments get frustrated with the technology people, they will leap ahead toimplement their own technology. While shadow IT is within the enterprise it is not as wellcontrolled by the IT organisation. Shadow IT is a great target because it often falls outside thesecurity management of the company. More videos
Greg Young presents Gartner's view of security trends
#10 New CIAS information security model
The thirty year old information security model has traditionally consisted of three corner stonesincluding confidentiality, availability, and integrity CIA. With increasing sophistication of threatlevels and associated damage concerns, the model now includes safety. With increasingconnectivity through IoT people can get hurt and safety has been added as a new vector. Morevideos
Greg Young presents Gartner's view of security trends
#11 Existing zero year threats are bigger problem than zero day
Most of the threats that are emerging everyday are based on vulnerabilities that we alreadyknow. The number one 2014 malware is based on seven year old Windows vulnerability. Thebusiness of ransomware grew by 113% last year. Phishing attacks are now extremely welltargeted, and are using .Doc and .Exe files. While the security vulnerability is the same in eachorganisation, the exploits are different. If you patch the vulnerability you can stop the exploits.Some of the best security practices around the world are from some of the banks using a grassroots approach rather than top down. But this is not the case with all banks and some arestruggling. More videos
11/22/2015 Lack of attention to security by social media players cause for concern, Gartner | Tech Channel MEA
http://techchannelmea.com/researchandsurveys/lackattentionsecuritysocialmediaplayerscauseconcerngartner 7/7
Characters remaining ( 1000 )
Your comments
Sign in to post a comment
HCL, IBM partner todevelop hybrid cloudsolutions for
Infosys one of the mostrelevant digital strategyservice
NASA selects QuantumStorNext platform forcontent management
About Us Careers
Privacy Policy Contact us
Terms of Use
Home
Technology New Products Expert Talk Storage
Channel Events Cloud Mobility
Partner Programmes People Security Research & Surveys
Categories
Resources & References
Archive
© 2015 All rights reserved Tech Channel MEA Find Us On: