Subscribe to CIO Magazine »

Social engineering, big data top security priorities for 2013: Gartner

Security analyst Rob McMillian says organisations need to educate non-IT professionals about social engineering and understand how to protect data
Gartner Australia research director Rob McMillan.

Gartner Australia research director Rob McMillan.

The technique of using deception and manipulation to gain sufficient knowledge to dupe an unwary individual, employee or company into revealing personal information has the potential to be one of the biggest security threats in 2013 according to a security expert.

Gartner Australia research director, Rob McMillan, who is due to speak at the analyst firm’s annual Symposium on the Gold Coast next week, told Computerworld Australia that social engineering has emerged over the last four years as a growing threat, especially for non-IT professionals who do not understand the techniques used by scammers.

Security threats explained: Social engineering

Addressing the top four big data challenges

Deploying big data networks

For example, the long running Windows Event Viewer scam involves telemarketers calling people, telling them they have a virus and requesting the recipient's authority to run a Windows program called Event Viewer in order to fix ‘so-called’ bugs in the operating system. Other callers claim they can remove the virus for a fee and ask for people's credit card details.

According to research from Sophos, scammers have called people posing as a member of their company’s IT department and named the person’s boss in order to gain their trust.

“If you want to break into an organisation you would research that organisation and identify a few individuals that you want to target, than research them,” McMillan said. “The reason why this is important is the need for stronger education and depth of understanding for non-security professionals who have access to important resources.”

Big data

Turning to the subject of how businesses protect customer data with the need to increase revenue, he said that big data should be factored into security measures.

“The thing about big data is that it is harder to get the value out of your information and to protect everything when this mass of information becomes large in volume and deep in complexity,” he said.

“It’s like your bedroom or garage — if you walk in the place and there is stuff strewn everywhere it does get more difficult to find things eventually.”

According to McMillian, IT executives need to understand where the data resides, what the data means and organising it correctly so they can extract value out of the data.

“More importantly from a security perspective you need to know how to protect it,” he said.

“If you think about payment card industry [PCI] compliance, you’ve got obligations to protect any of the data that falls under that regime,” he said.

He added that PCI compliance will be much easier if the organisation can confine all of the credit card information in a restricted area such as a couple of secure databases.

Follow Hamish Barwick on Twitter: @HamishBarwick Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Gartner, Sophos
References show all
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Gartner, Gartner Symposium 2012, Rob McMillan, security, big data, social engineering
Latest Blog Posts
  • Top 10 reasons to strengthen information security with desktop virtualization
    This paper discusses: • The growing challenge of maintaining information security in today’s evolving enterprise environment • Key advantages of desktop virtualization as an inherently more secure computing architecture • The top ten benefits of using desktop virtualization to strengthen information security • And how you can regain control and reduce risk without sacrificing business productivity and growth
    Learn more »
  • Performance in Supply Chain
    Delivering more products, heightened quality and shortened customers with flawless execution and minimal business interruption defines your supply chain success. This report discusses a newly developed end-to-end solution with the right tools to efficiently procure, assemble, ship and deliver the goods your customers want, when they want them.
    Learn more »
  • Cloud for Business Managers in Midsize Organisations: the Good, the Bad & the Ugly
    Read this independent research report to learn how business managers around the world are using Cloud applications. Discover the top motivations for adopting the Cloud, the most common problems and recurring pitfalls; common barriers to Cloud application integration and the consequences of security breaches and compliance issues.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Latest Jobs
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments