Security on the Spot Series: IQ Business part two

IQ Business competence leader Craig Meyer discusses information security.

What do you see as the single biggest information security risk this year?

When you distil IT security down to its essentials, I believe it all comes down to protecting data. Sensitive data in the enterprise can be its biggest asset, and the evolutionary threats facing this information are a big risk.

Without the proper safeguards, organisations stand to lose corporate intellectual property (IP), marketing plans, financial records, customer intelligence and competitive information. And this doesn't even include the personally identifiable information, which is protected by regulation.

What is the one key risk mitigation step enterprises need to take this year?

In the continued move to cloud-based services and the 'Internet of everything', it is important that public and private sector organisations build a better security infrastructure that allows elements to collaborate better with one another and provide better intelligence to detect and mitigate threats across all vectors.

What, in your view, was the biggest security breach of the past year?

Possibly the report disclosed by Rapid7 stating that the government sector had 268 data breaches exposing more that 94 million personally identifiable information (PII) over a three-year period. Ouch!

What is the biggest information security weak spot in the enterprise?

The challenges of the borderless enterprise and the increasing consumerisation of IT and BYOD (bring your own device) will continue to unfold. In addition, the effective identification and consolidation of operational big data and intelligence reporting must still be addressed as a key issue.

In a nutshell, how has cyber crime changed in the past year?

Well, gone are the good old days of bragging rights or inquisitive self-indulgence, replaced now with a complex network of organised crime with individualised service offerings. The past year has seen its spate of hacktivists, APTs and cross-platform malware; however, not much innovation has occurred in the cyber crime landscape; it is still the simple attack vectors, eg, SQLi, default configurations and simple passwords that are prevalent and hold the headlines.

What are cyber criminals targeting now, and what will they target in future?

Modern threats are becoming more sophisticated, capable of infecting mass audiences silently and effectively and do not discriminate by industry, business or country. Cyber criminals will be taking advantage of the ever-increasing attack service found in the evolution of today's "any-to-any" world.

IQ Business was one of the Bronze Sponsors at this year's IT Security Summit.

Meyer is an experienced technical specialist with a broad range of knowledge in software development, system architecture and design, and data management and governance. Over the last 18 years, Meyer has worked in multiple complex environments and industries delivering critical business solutions and services. Meyer is a relationship leader at IQ Business with line management responsibilities for the data architecture team, providing data management and BI services to multiple clients.

Meyer has an extensive software development background that allows him to work as a solution or application architect, but his passion is information security, specifically the areas of application security architecture, data security architecture and software assurance, including penetration testing and vulnerability management. He has completed an OSCP and studied for both the CEH and CISSP certifications.