Three Key Emerging Trends in Cyber Security

Concerns about cyber threats—attacks on corporate internal networks and Web sites, and theft of customer information and intellectual property—have risen to the top of many organizations' watch lists.

Here's a look at three emerging—and critically important—digital trends that will significantly influence how businesses operate in 2012 and beyond:

1. Crossover of consumer devices into the workplace: the advent of "BYOD" (Bring Your Own Device).

The "consumerization of IT"—that is, the desire of employees for the simple devices, software and services they use in their personal life to be part of their business enterprise's communications and computing platform—is now one of the top three drivers of cyber security, resulting in new challenges for IT in securing these endpoints as well as for the overall corporate enterprise.

Companies often are required to search their data for relevant documents as part of the discovery process in any litigation. With BYOD policies, identifying the relevant data may not be as straightforward as it otherwise might.

For example, in addition to documents stored on computers, e-mail and file servers, employees may have notes stored on their iPads or other tablet devices. It may be necessary to use specialized software or to employ assistance from digital forensic consultants to preserve data from mobile phones or tablet devices, particularly if employees choose sophisticated smartphones.

While documents stored on a computer hard drive may be secured by encryption and security software, it is possible that copies of some documents stored on a mobile phone may only be protected by a simple four-digit combination or not at all.

With the growing adoption of BYOD policies, vendors are starting to offer solutions for securing mobile devices or creating protected areas on the devices where company data will be stored.

2. New guidelines from the U.S. Securities and Exchange Commission for public-company disclosure of cyber attacks and future cyber threats.

In October of 2011, the SEC released its first-ever staff guidance pertaining exclusively to the cyber-security-related disclosure obligations of public companies. In 2012 this development will prompt many, if not all, of the several hundred largest companies to start opening up about what they have lost and what they stand to lose.

Public companies that may have previously believed they could fly below the radar on cyber attacks are now running an even higher risk than ever before.

3. New technologies for electronic discovery that speed analysis of an ever-growing volume of data and complexity.

For legal counsel, facing an explosion of data and growing complexity in cases, saving time and money in the discovery process is essential to success.

The process known as "predictive coding" can help: It takes a random sampling of a large quantity of data for review, then software codes the subset and applies it to the entire collection of data.

This algorithmic process provides the opportunity to make judgments without reviewing the entire data set. This result can be explained and verified in court but is not considered a "black box" technology.

As a result, in part, of the three digital-security trends described above, we see a growing understanding among businesses that cyber attacks are not a matter of if, but when—and that the best defense, as they say, is a good offense.

Businesses now more than ever need to think proactively about protecting customer information, and in turn their own corporate reputation, by treating cyber security as a process rather than a one-time product.