Campaign season likely to spur politically motivated cyberattacks

Cross stressed the importance of having a defense against a distributed denial of service (DDoS) attack, a popular method of cyberattack for politically motivated groups such as Anonymous.

“When this starts happening to you, you have to respond quickly. You have to have planned out your game in terms of what you are going to do to mitigate the issue and how you are going to go about bringing it to bear on the problem so that when it starts happening, you know exactly what to do”, Cross told Infosecurity.

In addition, 2012 is likely to see a significant increase in the use of mobile devices, such as iPads, in the enterprise. The IBM 2011 X-Force Mid-Year Trend and Risk Report projected that this year would see twice the number of mobile exploits that occurred in 2010, and that number will continue to rise in 2012.

“People are continuing to bring mobile devices into the workplace and they want to be able to work with data using the mobile device of their choice. That is driving a lot of concern among corporate security personnel, who have to figure out how to support these platforms and protect data that is on them”, Cross said.

Cross recommended that enterprises consistently employ anti-malware and patch management software for mobile devices in enterprise environments, as well as apply security policies, such as passwords and encryption, to both PCs and mobile devices. He also recommended that companies develop a remote wipe capability and a response plan in case the device is lost or stolen.

As companies continue to move to the cloud, they need to consider the implications of moving key functions off premise. Most companies are not doing a great job at assessing this impact, particularly when it comes to security, Cross noted.

“When you take sensitive information and hand it to a third party, all these questions arise about how that third party handles the security of that data and whether its policies are in line with your policies. We think the answer to that challenge is for the third party cloud service providers to be transparent to customers regarding both their security policies and practices”, he said.

There is some good security news for 2012. IBM has seen a decline in the number of web application vulnerabilities.

“We saw fewer web app vulnerabilities this year, and in particular, fewer SQL injection vulnerabilities disclosed. We hope that means that web app developers are getting smarter about writing code that is more secure”, Cross concluded.
