Three: Privacy and Regulation
Organizations need to treat privacy as both a compliance and a business risk, according to the ISF.
"Furthermore," the report added, "we are seeing increasing plans for regulation around the collection, storage and use of information along with severe penalties for loss of data and breach notification, particularly across the European Union. Expect this to continue and develop further, imposing an overhead [cost] in regulatory management above and beyond the security function and necessarily including legal, HR and board level input."
Both Durbin and Garcia emphasized how shockingly excellent criminals are at coordinating and working together toward a cause. The Syrian Electronic Army's hack into The New York Times was offered as an example.
"The bad guys are really great at collaboration, because there's a lot in it for them," said Garcia.
Cyber-crime, hacktivism—hacking for a cause—and the rising costs of dealing with the uptick in regulatory compliance issues can create a perfect storm of sorts, said the ISF.
One: The Internet of Things
Durbin said he'd recently met with the CEO of Telefonica, who is excited about the "massive amount of opportunity around 4G."
High-speed networks and the Internet of Things will create scenarios like the ability for a car to detect a traffic jam ahead and understand that its driver won't make it to the airport in time for his flight—and so contact the airport to change the flight.
"That level of information, in the wrong hands, is concerning," said Durbin.
Businesses can't avoid every serious incident, and few have a "mature, structured approach for analyzing what went wrong," he added. "By adopting a realistic, broad-based, collaborative approach to cyber-security and resilience, government departments, regulators, senior business managers and information security professionals will be better able to understand the true nature of cyber-threats and respond quickly and appropriately."