Several weeks ago I had the pleasure of interviewing Cisco CTO of Security Bret Hartman. In discussing Cisco’s approach to working with enterprise to protect themselves from cyber attacks, he stressed that while historically attention has been paid to be reactive, increasingly IT needs tools to be proactive as well.  Research firm Ovum has added its voice to the need for enterprises to be proactive with the publication of its Security 2014 Trends to Watch Report.

Ovum amplifies what Cisco and others are saying, i.e., that keeping enterprises safe and protecting data at rest and on the move have never been more difficult to achieve due to the growing sophistication of those with malicious intent. And, whether it is attacks by opportunistic hackers using pre-built tools through to targeted, well-resourced, state-sponsored cyber activity, being proactive has never been more critical. 

According to Ovum, and as confirmed by numerous recent industry reports on cyber attack methods and activities, attack volumes will continue to rise. They add the important observation that no business should consider itself immune. “Even the best-protected government, military and business systems have already been breached, and in 2014 they will to be put under further pressure,” noted the report.

2014 is going to be a bad year for security professionals as bad guys exploit vulnerabilities

Ovum has a sobering view of security trends for the coming year. Trends to watch include:

• More proactive protection is needed to address the cyber security time bomb.
• Security-as-a-service will be the way forward for a growing number of organizations.
• Cloud and mobility will change the way we approach IT security and user protection.

Andrew Kellett, Principal Analyst, Software – IT solutions and author of the report says, “In 2014, cyber espionage and state-sponsored threats will continue to make headlines, but the concerning underlying trend is that similar technology can and will be used against ordinary businesses.”

“Security experts recognize the rise in use of sophisticated malware, and this is driving the need for better and more proactive security,” says Kellett. However,  he adds, “organizations will be required to fundamentally shift their approach to security from a mainly static defensive posture to one of taking positive action before or as an attack takes place.”

In 2014, enterprise organizations will need to gain positive advantages from security intelligence, Big Data analytics, and the ability to understand threat priorities and the actions needed to sustain the well-being of the organization and its users.

Kellett states, “Not every organization has the budget or security resources to meet its current protection requirements, let alone the extended use of cloud-based services and the BYOD-driven use of smartphones and tablets by employees. Therefore, organizations will be forced to consider the practicalities of managed, security-as-a-service options.”

Ovum points to all of the developments that have increased risks by creating an explosion of vulnerable vectors as a result of the increased use of cloud-based services, user mobility and the proliferation of BYOD, and the consequent need for better identity management as traditional preventive measures like firewalls no longer keep the barbarians from breaching the gates, and the growing reliance on Big Data analytics which rests on the foundation of making more information available to more people.

The latter point on Big Data is a two-sided coin. There may be more exposure of critical data, but Big Data and analytics are the keys to being more proactive.  As Kellett, “Ovum recommends that organizations should look to gain positive advantages from Big Data, security intelligence and analytics-based approaches to security management. Meanwhile, mainstream security vendors need to provide a range of products and services that genuinely meet the protection needs of both SMEs and large enterprise clients.”  

The terms visibility and context-based profiling in conjunction the implementation of better encryption and strong authentication are now the industry consensus on providing not just better information to improve reaction times when bad things happen, but also to enable IT to spot anomalies and devise effective counter-measures to deter as much mischief as possible before it proliferates.

The Ovum report is as much a call to action as it is a view on industry trends. It is seems almost undeniable that 2014 is going to see a rise in malicious behavior. Cloud, virtualization, BYOD and Big Data adoption will likely accelerate increasing the vectors of vulnerability and those with malicious intent, especially those looking to monetize their behavior or undermine foreign governments are going to continue to try to find ways to create havoc.

 In short, if your organization has not allocated more of its IT budget to proactive tools, the Ovum report is not just a word to the wise it is something that can help make the case for rethinking security budget allocations. Their use of the words “Time Bomb” should be a cause for action. Security experts around the world resonate deeply with this characterization.