At the end of every year, media outlets such as EBN get retrospective lists (the best/worst of 2012) and forecast lists (what to watch out for in 2013). Supply chain security continues to top the lists of concerns.
Here's a recent summary from the Information Security Forum, an independent security body, on the top five security threats of 2013:
- Cyber (in)security
Increased government presence in cyberspace will have a profound impact on the future of information security. Targets for espionage will include anyone whose intellectual property can turn a profit or confer an advantage.
- Supply chain security
More organisations will fall victim to information security incidents at their suppliers. From bank account details held by payroll providers, to product plans being shared with creative agencies, today's organisation's data is increasingly spread across many parties. While the IT function can provide an inventory of all data they hold, it is difficult to do that throughout the supply chain.
- Big data
As big data continues to become a game-changer for businesses, the security risks have become even greater. From structured and unstructured data within the network of enterprise PCs and servers to consumer-friendly smartphones, laptops and storage devices that introduce new data management challenges, businesses can be easily overwhelmed by the risks posed by big data.
- Data security in the cloud
The rising costs that are associated with proving cloud computing compliance and external attacks on the cloud will increase in 2013. While a number of organisations are now implementing strategies for cloud computing security and compliance, businesses still have a way to go in certain areas, mainly because a lot of organisations still do not know where they have cloud implemented across their business.
- Consumerization — securing consumer devices
If implemented poorly, a personal device strategy in the workplace could face accidental disclosures due to loss of boundary between work and personal data and more business information being held in
[an} unprotected manner on consumer devices.
Most of the security warning lists that come out are IT-related: they focus on the theft of information and data as the prime concern. However, for the electronics supply chain, there is a separate side to security that I think is even more important: the physical movement of cargo. There's a lot less information available on this topic aside from initiatives such as the Customs-Trade Partnership Against Terrorism and the Container Security Initiative Strategic Plan that our colleague Douglas Alexander writes about in Star TRECs for the Supply Chain .
Counterfeit products enter the electronics supply chain most often during the transport/shipping phase of the transaction process. (We'll take a closer look at this in upcoming posts.) So I've been wondering: Given the tight spending budgets expected for the electronics industry this year, where are you going to spend your security dollars?