Lack of attention to security by social media players cause for concern, Gartner _ Tech Channel MEA
1. 11/22/2015 Lack of attention to security by social media players cause for concern, Gartner | Tech Channel MEA
http://techchannelmea.com/researchandsurveys/lackattentionsecuritysocialmediaplayerscauseconcerngartner 1/7
Lack of attention to security by social media players cause for
concern, Gartner
Source: Arun Shankar
Publish date: 17 Nov 2015
Greg Young, Research Vice President at Gartner,
presented the top trends in information security that are of
relevance to the region at a recent briefing session. These
included the importance of the role of social media
companies, the increasing attack surface being generated
by IoT devices, trade-offs between private and public
sector organisations and institutions, the reducing returns
from spending on security due to a shortage of skills, the
exclusion of either China or the US from bidding on security
projects, over-reliance on marketing by security
companies, drawbacks of using encryption, backdoors
and shadow IT being targeted, and zero year being more of an
issue than zero day.
Greg Young, Research Vice President at Gartner.
Gartner presented the top security concerns for the region at a recent briefing
session.
Greg Young presents Gartner's view of security trends
#1 Social media companies more than security companies will determine three year threat trajectory
Since social media companies own so much of the data today, attackers try to bypass company
security scans by using social media links. A lot of attacks are coming from social media based
sites. Also, social media companies do not want to block a lot of links, since that is counter to
their business model. Social media sites have a certain level of security, but threat actors are
channelling attacks through them. On social media, it is easy for threat actors to come up with a
new identity, but an identity that has been around for a few years and is known to be good is a
powerful way to get past a lot of security tools. Social media companies have a big and
increasing responsibility that they do not recognise and accept. It is unfortunate that social media
companies have to be pressured to do that, but they are the vector today for a lot of distribution,
with attackers using them rather than looking for problems with operating systems. Social media
companies can have a bigger impact on what happens today.
#2 IoT attack surface is expanding exponentially
For threat actors, the Internet of Things (IoT) is a fantastic opportunity, since there are a lot more
connected devices than connected PCs, smartphones, and tablets. With everything connected
now, if your neighbour is vulnerable you are vulnerable. And if your neighbour is vulnerable
there are now two adversaries. Threat actors may not use IoT devices directly to stage an attack,
but they may use hundreds of IoT devices to launch a denial of service attack from a vulnerable
nearby site. With all the connected chips, IoT is a platform to be exploited.
In terms of securing IoT, vendors are saying they are protecting the edge of the IoT network or
they are protecting the IoT devices by hard coding security. Most of the hard coded security we
are seeing today is terrible. But securing IoT is no different from what we have today. One place
cannot fit everything, and a layered approach to IoT security is required. People are making
mistakes with IoT by giving up one aspect and going for the other. Unfortunately, for IoT both
are needed, and more than that today. Manufacturers of IoT devices are not really interested in
security, since they believe security can come later or someone else will look after security.
Removing the hype, IoT is really just a lot more devices.
#3 Public and private sector security trade offs
Governments are good at intelligence gathering but really bad at sharing intelligence to stop
attacks. It is a difficult cultural change for governments to be able to help even their own citizens
or their own companies to do that. Governments want to tell people how to secure things rather
than help people. They prefer to set up rules rather than technology.
For the private sector there are also difficult decisions for companies to make. When it comes to
disclosure of security breaches, they have to choose between risking reputation and helping out
competitors by sharing information, or keeping it secret. They have to choose between the
liability of giving up the privacy and information of their customers and putting their customers
at risk, versus operational cooperation. There are some really difficult choices that companies
and governments are trying to make. It is a shift that is slow and naturally difficult but it could
change.
In relative terms, there is a great concern for privacy in Germany and in the state of Quebec in
Canada. In the region there is positive support for, and enabling of, awareness. But around the world
governments are too often concerned about control, sometimes too much, and getting data on
their adversaries, rather than collaboration. That is going to change, since it cannot continue the
way it is. It is almost the dark age of government security right now.
#4 Reducing returns from security spending
In the GCC region, because there are so many attacks going on and because of critical
infrastructure and resource based industries, there is an excellent level of security. However, what
you have is too much spending and a shortage of people. When you have the same number of
people having to use more and more tools all the time, they cannot go on like that. So we are
seeing a lot of confusion. An estimated 40% of positions for security are unfilled right now, and
this will go up to 50% to 60% in a few years. So we cannot keep putting more and more tools
into our carpenters' tool bags and expect them to do their task; it is actually becoming a problem.
In some of the biggest attacks we have seen, people had a lot of tools, but there was just too much
work for them, so we have a people shortage. Money is not a problem, it is not going to slow
down, and CIOs are going to keep spending to keep their jobs. In the region itself shortage of
personnel is a real and significant issue. While outsourcing is an option, even outsourcing
providers are struggling.
#5 Exclusion of US and China in security projects
By 2020, 10% of requests for proposals will exclude either China or US security companies from
bidding. While currently there is an informal process to exclude either, it is now becoming a
formal process, due to state sponsored interference in products. This is affecting North America,
China, and Asia Pacific. Other than Chinese and US companies there is everybody else, but the
choices are few. The big message here is there is really a separation in the two markets.
State sponsored attacks are so smart that it is difficult to identify where they are coming from.
This can be executed by state actors at a country level, but not by companies. When a company
is targeted by a state, that is unfair. State sponsored attack capability is so high and so
advanced that it is often unfair when it is targeted at a company. States fight states and companies
fight companies.
#6 Bad behaviour by security companies
With the gold rush of attacks and money there has come some bad behaviour by security
companies. Some of the security marketing that is going on is irresponsible. Some security
companies are spending more on marketing than they are making in revenue. This spending on
marketing has never been seen before, and in some cases they are not security companies but
marketing companies. All security companies are competing for a narrow aperture of CIO
attention. With security in the news all the time, it can be very confusing.
#7 Session encryption blinds inspection safeguards
Encryption is increasingly blinding security technology, since you cannot see through encryption.
Instead of making us more secure, encryption is making us less secure, since you need to look
into it for security inspection. This is now an interesting challenge, since encryption itself is
becoming a problem, with SSL vulnerabilities that cannot be monitored.
#8 Securing the back door
Backdoor entry points are built into products and services to allow governments to make
lawful intercepts. But threat actors are aware that products and services have this backdoor entry
for lawful intercept built into them, so they are targeting that because they know everything is
there.
#9 Shadow IT will be targeted
As business departments get frustrated with the technology people, they will leap ahead to
implement their own technology. While shadow IT is within the enterprise, it is not as well
controlled by the IT organisation. Shadow IT is a great target because it often falls outside the
security management of the company.
#10 New CIAS information security model
The thirty year old information security model has traditionally consisted of three cornerstones:
confidentiality, availability, and integrity (CIA). With increasing sophistication of threat
levels and associated damage concerns, the model now includes safety. With increasing
connectivity through IoT, people can get hurt, and safety has been added as a new vector.
#11 Existing zero year threats are bigger problem than zero day
Most of the threats that are emerging every day are based on vulnerabilities that we already
know. The number one 2014 malware is based on a seven year old Windows vulnerability. The
business of ransomware grew by 113% last year. Phishing attacks are now extremely well
targeted, and are using .doc and .exe files. While the security vulnerability is the same in each
organisation, the exploits are different. If you patch the vulnerability you can stop the exploits.
Some of the best security practices around the world are from some of the banks using a grass
roots approach rather than top down. But this is not the case with all banks, and some are
struggling.