As another year begins, now is the time for IT departments to look at how they can best mitigate security risks. With security issues becoming more complicated as technology continues to be more deeply integrated into our day to day lives, understanding how to deal with the impact of security risks like botnets, distributed denial of service attacks and the rise of hacktivism has never been more important. Along with understanding risk comes a need to understand what drives attacks and cyber criminals, and why exactly these groups are taking aim at a variety of enterprises from around the world. Managing security is about more than brand reputation There are many large organisations that need to address security risks in 2012. The rationale for addressing such risks was once around brand reputation and maintaining a positive image in the media, but this year marks a shift in thinking for these organisations. While mitigating risk was once seen as not much more than maintaining good practice, recent times have showed that there has been an increase in the number of outages being reported in the media; a good indicator that the general public are a lot more aware of drop outs in service and the consequences such disruption can cause. Understanding threats will help you overcome them Threats themselves are more insidious than they once were, and security professionals now need to deal with a plethora of risks. From distributed denial of service attacks to botnets and advanced persistent threats; security professionals are in for a busy 2012. When you add the rise in popularity of social networking as a new channel of play for cyber criminals to the mix, you've got a very sophisticated and personalised set of security threats. Understanding what threats look like, the form they come in and providing your staff with information about what to keep an eye out for is crucial to mitigating risk in 2012. Knowing what drives hackers is vital Another trend that began last year and will continue into 2012 is the rise of ethical hackers such as LulzSec and Anonymous. The popularity of such groups demonstrates that hackers don't always have financial gain at the top of their list of priorities. Cyberterrorism groups are another case in point, with extremists now using toxic technology to bring enemies to their knees. This year will be defined by threats to critical infrastructure, so the bar has definitely been raised. Those organisations running such infrastructure, including government departments, electricity companies, airlines and core banking organisations, are being targeted more and more thanks to a shift in priorities of hackers and cyber criminals. Protecting your company's IP can be done through your BYO technology policy While organisations will take out insurance on properties and tangible assets, they really need to start thinking about what will happen when their intellectual property (IP) is leaked and walks out the door. Anything that can be used as a competitive advantage by rival companies can sit on various employee devices that are not necessarily centrally managed, and having unauthorised access to such information could lead to a corporate disaster. The way that information is locked down and permeated is very hard to control. You can access all of your critical information where the IP is being pushed around, but at the same time, you can't slow up the business. The traditional method of presenting a fifty page security policy to employees doesn't really cut it. While you can't block and check everything, you can protect your company's IP with a secure BYO technology policy.