1. Business continuity to get focus over disaster recovery
BCM is a process issue: building the framework that increases business resiliency and restoration capability. DR is about building redundancy through infrastructure investments. It is quite likely that there will be fewer new DR site investments than there were in 2008. But I would not advise cutting down on building your BCM capability, even if you are an SME. Every one of your people needs to know what to do when things begin to fail. This does not require huge amounts of investment, but it does require common sense, risk assessment, and regular training and awareness.
Counter: Focus on an effective Business Continuity Plan that takes into account at least the following: fire, ISP failure, transportation link failure, and, yes, a terrorist attack as well.
2. Capital expenditure on security technologies likely to be hit
This is one area that has seen the biggest hit and is likely to continue feeling the impact with new investments simply not happening. So fewer firewall upgrades, fewer adoptions of recently introduced solutions such as Data Leakage Prevention (DLP), Network Access Control (NAC), and others.
Counter: Really look for ROI on your capital expenditure on security technologies.
3. Focus on regulatory compliance to increase
Make sure you know very clearly what your responsibilities are towards data protection, not only for the specific industry you are in but also for the countries that you do business in. I’ll soon be releasing a write-up on the Indian IT Act, the new amendments recently pushed through in the Parliament, and what these mean for every individual and every business. Essentially, even if you are not ISO 27001 compliant or PCI DSS regulated, you are still very much legally liable to ensure due diligence to protect your customers’ data.
Counter: While cutting budgets on infosec is fine, don’t end up putting the existence of your business at risk due to negligence towards data protection.
4. Scareware, Social Networking Attacks, Phishing, and others
While phishing attacks rose quite a bit in 2008, they are quite likely to become more prevalent, more insidious, and a huge pain in the wrong places in 2009. Phishing combined with scareware tactics (http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/), exploitation of social networking sites (http://www.internetnews.com/security/article.php/3789496 and http://news.cnet.com/8301-1009_3-10078353-83.html), and even Google (http://go.theregister.com/feed/www.theregister.co.uk/2008/12/30/google_calendar_phish/ and http://blogs.zdnet.com/Google/?p=1053) is going to ensure that attacks are highly smart, effective, and definitely lucrative for the attackers.
Counter: Focus on awareness, not just within your organizations but also within your families and communities.
5. Computer fraud may rise - a lot
Today, attackers are not concerned with releasing the latest virus onto unsuspecting Internet users. Do we even remember how long ago it was that CodeRed or Slammer hit us badly? Attackers today, both external and internal, have one simple agenda: making as much money as they can in as short a time as possible. We’re already seeing SAP, Oracle Apps, and other business applications becoming the most lucrative targets for fraudsters. All they need is knowledge (if you’ve been working for 2-3 years on the same system, you know its flaws well enough), motive (layoffs, salary cuts, no bonuses), and opportunity.
Counter: Invest in forensic accounting, and keep a panel of experts on standby to be called in when fraud happens. Get advice on a list of red flags to watch out for.
6. Cyberwarfare could become a reality
At least as far as the South East Asian region is concerned, we’ve already seen an increase in the number of cyber attacks on Indian banks and government websites. This trend will get more serious and more malicious, with some really sensitive data being targeted in the months to come. The next frontier for terrorism will be digital, and we’re all going to be facing the brunt of professional hacking, espionage, and digital sabotage. We’re already seeing this with the current Israeli war on Gaza (http://blog.wired.com/defense/2008/12/israels-info-wa.html), the recent attacks by Pakistani hackers on the Eastern Railways site (http://in.news.yahoo.com/241/20081225/1262/twl-pak-hacker-attacks-e-rlys-site-threa.html), and attacks on a couple of PSU banks. For in-depth Indo-Pak cyberwar coverage, see http://intelfusion.net/wordpress/?p=468
Counter: If your organization is governmental, semi-governmental, public sector, or provides a service or utility of national importance, you are pretty much going to be targeted. Focus on securing your external perimeter and get it tested.
- Kanwal K Mookhey
- Mumbai, India
Thursday, January 01, 2009
Posted by Kanwal K Mookhey at 4:48 AM