Compliance Outlook
Kroll Inc., the New York-based risk consultancy, foresees increasing global traction with respect to breach notification legislation. While the situation remains murky in the US, owing to the country’s patchwork of state rules, the numerous proposals for a federal notification law will struggle to reach a consensus, the firm believes.
US: No fewer than half a dozen breach notification bills are currently proposed in both houses of Congress. If an agreement is reached, then litigation over the application of local rules will likely ensue.
“collision course”, as he described it, requires a solution so that organizations’ interest in what the cloud has to offer does not diminish due to concerns over placing sensitive information in the cloud. “To better accommodate sensitive and regulated data, cloud providers must turn to encryption, as more and more regulating bodies are declaring encrypted data to be out of scope for an audit”, Moulds noted. “The more the cloud service provider can isolate a customer’s environment and shroud it with encryption, the happier that provider will be with sensitive data”, he added. Almost certainly, this will make their customers happier as well. What remains to be seen is whether cloud vendors offering encryption will drive up the price of their services, negating the cost savings that are so often associated with the cloud.

Wrapping up this list of the most common predictions is the proliferation of social media-based attacks. This includes all of its various forms – from social engineering, to links that redirect to drive-by download sites. We heard about them all, over and over again, from nearly every person or vendor that offered up an opinion, so no need to embarrass anyone by name for pointing out the obvious.
Canada: Contemplating a mandatory breach notification provision as part of the proposed revisions to the Personal Information Protection and Electronic Documents (PIPED) Act
EU: European Commission is considering the addition of rules to the EU Data Protection Directive that would harmonize rules across member nations, accelerate the mandatory notification period, and be broadened to include users of online banking, video games, e-commerce sites, and social media
For an industry that exists in such a dynamic, fast changing environment, warnings about social media threats are a bit ‘old hat’. Sure, they do indeed exist – and will undoubtedly proliferate – but they are nothing new for 2012.
Favoring the Bold
It’s easy to predict what has already happened, or what will continue into the future. It’s an entirely different animal when one foresees that which has no precedent, or that no one else is talking about. While the following predictions are far from unfounded shots in the dark, they do stand out as either refreshingly original concepts or by simply being outside the mainstream thought.
Now we know our readers would never hand over any amount of money to perpetrators of a ransomware scheme, but what about the users they oversee within their own organizations? If a problem such as this occurs at work, then any employee’s first move would likely be a call to the help desk. Yet what happens when such a threat hits their personal mobile device – a device this employee often uses to store and transmit work-related items? Perhaps a call to their employer’s help desk is not the first option.
A warning from Fortinet Labs foretells just such a scenario in the coming year. The firm’s research arm has observed the success of similar attacks on PCs, and believes that multi-layered attacks will lead to root access on mobile devices.
“Mobile malware that utilize exploits have also been observed, along with social engineering tricks that lead to root access on [an] infected device”, Fortinet explained. “With root access comes more control and elevated privileges, suitable for the likes of ransomware”. The company predicted that 2012 will be the year this attack goes live.

Keeping with the mobile theme, our next forecast comes from Trend Micro. You may be asking yourself, ‘but aren’t predictions around mobile threats rather common?’ In fact, you are correct in thinking this. Now ask yourself how many people have warned you about the security of the trusted applications you use every day on both your personal and corporate devices? If we have ruined your day by giving you another thing to worry about, then please send your thank you cards to our friends at Trend Micro. As previously mentioned, the dangers of BYOD and the security of mobile applications have received ample coverage. The threats they pose are both real and well documented. However, Trend Micro’s
January/February 2012