Computerworld

2014 is the tipping point year of mobile malware: RSA chief Art Coviello

Sees Internet of Things as next hacking target after mobile

RSA executive chairman Art Coviello sees 2014 as the tipping point year of mobile malware, as businesses continue to provide greater mobile access to critical business applications and sensitive data, and consumers increasingly adopt mobile banking.

Amidst this backdrop, “it is easy to see that mobile malware will rapidly grow in sophistication and ubiquity in 2014,” says Coviello as he releases his top security predictions for the upcoming year.

“We’ve already seen a strong uptick in both over the past few months and expect this is just the beginning of a huge wave,” says Coviello. “We will see some high-profile mobile breaches before companies and consumers realise the risk and take appropriate steps to mitigate it.”

We will see some high-profile mobile breaches before companies and consumers realise the risk and take appropriate steps to mitigate it.

Art Coviello, RSA

Further ahead, Coviello zeroes in on the Internet of Things, the growing network of devices that sense and control real world systems, as the next hacking target.

“From cars to medical devices to smart electrical grids, we will see an increasing number and growing sophistication of attacks on the Internet of Things,” says Coviello. “We will see more attacks that have truly destructive – as opposed to disruptive – power.”

Coviello links these security trends to the continuous maturation of the ‘third platform’ – IDC’s term for the confluence of the four business trends of cloud, big data, social and mobile. This is the platform that emerged on top of the mainframe and client/server eras of the 70s and 90s.

Related: CIO Agenda: Innovate and transform on the 'third platform'

Coviello notes the past year saw the significant growth and continuous adoption of software as a service and infrastructure as a service. Businesses, meanwhile, are demanding access to business applications on their mobile devices as the office becomes more and more virtual.

Yet in a recent global survey of 3200 IT and business decision-makers, by RSA’s parent company EMC, two of the top security concerns identified by respondents were third party access of company applications (43 per cent) and mobile access to corporate networks (40 per cent).

Coviello says these point to the need for more advanced technologies and intelligence-driven security strategies in the era of the third platform.

Related:Applying Big Data principles to information security

'With Big Data touching on everything we do, the attack surface will be altered and expanded and our risks magnified in ways we couldn't have imagined,' says RSA chief Art Coviello.

Coviello likewise predicts 2014 will be the dawn of Bring (and control) Your Own Identity (BYOI). He says one of the interesting trends of the third platform has been the consumerisation of IT as companies give staff greater latitude in accessing corporate resources and data through their personal devices (BYOD).

But this will be superseded by BYOI as employees increasingly push for a simpler, more integrated system of identification for all of the ways they use their devices. “Identity will be less entrusted to third parties and increasingly be something closely held and managed by individuals – as closely as they hold their own devices.”

While public clouds have been gaining some momentum for certain workloads in the past two year, the NSA revelations and questions about the security of those clouds could slow that momentum. “We’ve seen companies rethinking their public cloud strategies and even governments in Europe advocating for the Balkanization of public clouds so that they reflect national borders,” says Coviello.

He sees public cloud providers aggressively addressing the security of their clouds as a competitive differentiator and to stave off these threats to their business. “Providers of cloud security should have a banner year in 2014.”

He says the events of the past year have brought the issue of insider threat in the forefront once again. He sees companies taking steps to protect themselves from the risk of substantial damage to revenue, brand and business continuity from actions brought by staff.

Follow Divina Paredes on Twitter: @divinap

Follow CIO New Zealand on Twitter:@cio_nz

Sign up for CIO newsletters for regular updates on CIO news, views and events.

Join us on Facebook.