Strategy


Cybersecurity Strategy: Top Security Resolutions for 2018

Source: National Cyber Security – Produced By Gregory Evans

From conducting a top-to-bottom IT security audit to ensuring your computing infrastructure and software are completely updated and patched, there are plenty of important tasks related to cybersecurity strategy for IT pros to check off as 2018 approaches.

To help enterprises get a fresh start on the New Year, ITPro asked several IT analysts to share their top ideas for 2018 security resolutions which IT pros can follow as part of a broader cybersecurity strategy to help keep their business systems running smoothly.

To start, the New Year is a good time to verify that all your company’s endpoints – from laptops to desktops to switches and everything in between – are secured where they connect to your company networks, says Dan Olds, principal analyst at Gabriel Consulting Group.

“This is also a good time to check the security profiles for everyone on your network,” and make sure that everyone is obeying policies when using their devices, he says. “By this I mean making sure that every employee has just the right amount of access to data needed to do their jobs – and no more.” By conducting such checks, you’ll likely uncover many potential threats, such as contractors and ex-employees who might still have accounts on your systems, he adds.

Another important resolution that’s often forgotten is to be sure all your hardware and software are given the latest security updates and patches to protect your users and IT systems, says Olds. “The biggest threat vector today is unpatched systems. Get everything brought up to date to face the New Year behind a reinforced wall of security.”

“You could even put your IT systems to the acid test by hiring hackers to actually try to penetrate your systems from outside your firewall,” says Olds. “This isn’t an exercise for the faint of heart, but it will pay dividends.”

Sean Pike, a security analyst with IDC, recommends tightening your cybersecurity strategy and ensuring cloud security by taking steps to harmonize your company’s tools for managing on-premise and cloud-based infrastructure.

“Once upon a time, traditional, on-premise security providers generally failed to innovate toward the cloud as rapidly as perhaps they should have,” says Pike. “As a result, many organizations ended up treating cloud and on-premise infrastructure differently,” which meant learning and maintaining separate security tools for two different environments.

To simplify such issues and better manage your company’s clouds, IT pros should work in 2018 to integrate their hybrid or multi-cloud security using a single tool, he says.

“A great example of this are cloud security gateways (CSG) in which security vendors have spent a great deal of time adding functionality over the last two years,” says Pike. “The CSG is the central control point for hybrid cloud environments for a number of large security vendor incumbents.”

Another important resolution to prepare for is the upcoming General Data Protection Regulation (GDPR), which will take effect in the European Union on May 25, 2018, says Pike.

The GDPR replaces earlier data privacy laws and applies to businesses outside the EU if they offer goods or services to EU residents. The GDPR applies to all companies processing and holding the personal data of EU residents, regardless of where a company is located. Penalties for non-compliance with the GDPR are costly – up to four percent of a company’s global revenue or $22.7 million for violations, such as not having sufficient customer consent to process their data and not notifying the supervising authority and users about a data breach within 72 hours.

“Security pros will be scrambling to meet GDPR as the May deadline edges closer,” he says, and once 2018 arrives it will be time to act. “Unfortunately, many businesses will just be kicking off their efforts so it’s a good idea to start by identifying business processes and establishing how data flows throughout each process.”

Since there will be so much to do if you haven’t yet gotten started, “it’s important to first understand how business processes actually work and what kind of data is out there,” says Pike. “Otherwise, you run the risk of overwhelming staff with too many instances of potentially sensitive data to chase. I always like to start with the process where possible.”

IT pros should also spend more time with network access control (NAC) in 2018, he says, as they continue to connect new kinds of devices and sensors to the Internet of Things as part of their corporate infrastructure.

“IDC sees NAC as a necessary first line of defense as businesses expand to allow unknown, unmanaged, or unintelligent devices access to network resources,” says Pike. “NAC’s core discovery functionality can help businesses identify and inventory devices that connect,” and can control access to network resources by acting as a gatekeeper and disallowing devices that do not meet a preset corporate profile.

Another analyst, Charles King of Pund-IT, suggests trying a new tack in 2018 by making “best-case scenario” projections for security, rather than the typical worst-case scenario planning for disasters that can occur. Instead of overwhelming IT staffers and other employees with worst-case planning, “imagine what your organization would need to make it through 2018 without any security breaches or problems, then consider what it would take to achieve that state,” says King.

“Maybe you’ll find that it’s virtually impossible due to factors like fundamental disconnects between the security solutions you use and the systems they’re meant to protect,” he says. “Maybe your company has employees or executives who can’t be bothered with security procedures they’re asked to follow. But each of those discoveries will identify incremental action items that you and your co-workers can work to correct” in the New Year.

Not every security resolution for 2018 must be huge, though, says Andras Cser, an analyst at Forrester Research.

“Change passwords every 90 days and enforce them to be at least 10 characters in length,” says Cser. In addition, “implement at least the option for two-factor authentication for employees and customers on your websites,” while taking detailed steps to revise and fortify your enterprise’s incident security responses to better protect the company.

Ensuring that your IT security starts strong in 2018 and continues throughout the year is a great goal to have for every enterprise. Using these expert IT security resolutions and tips can help you accomplish those tasks.

The post Cybersecurity Strategy: Top Security Resolutions for 2018 appeared first on National Cyber Security Ventures.


Cybersecurity insurance only a piece of data protection strategy


Many organizations are reinforcing their cybersecurity strategy by signing up for cybersecurity insurance. Cybersecurity insurance is still in its nascent stage of development, but businesses worldwide are beginning to recognize its importance in today’s evolving threat landscape: Auditing firm PwC predicts insurance policy premiums to grow to $7.5 billion by the end of the decade.

At the recent MIT Sloan CFO Summit in Boston, panelists during a session titled Cybersecurity: How much is too much? talked about the role cybersecurity insurance plays in an organization’s overall cybersecurity strategy.

“In terms of cyber insurance, it is a pretty new industry; it’s still maturing,” Aparna Ramesh, ‎CFO at the Federal Reserve Bank of Boston, said. “I think it will be interesting to see what kind of analysis and information comes out once this industry matures.”

Designed to mitigate financial losses from incidents like data breaches, cyber insurance can protect businesses from some of the risks involved in doing business online. Cybersecurity insurance policies can help cover extra expenditures such as regulatory costs and meeting customer notification requirements that result from the theft or destruction of digital assets.

But Pietr Lindahl, senior director of cyber threat reduction and strategic analysis at ‎Philips, advised organizations against solely relying on cyber insurance.

“It may help soften the blow from a financial perspective, but hasn’t done anything to protect your brand reputation or ensure business continuity,” Lindahl said.

Several factors are considered when budgeting and planning an organization’s cybersecurity investments such as insurance policies, Lindahl said. The amount of money budgeted will vary based on the company’s risk profile, what kind of information they have that could be targeted and what kind of proprietary information they have, he added. He also advised organizations to annually reevaluate their threat landscape and risk appetite.

Scott Ward, CFO at Cybereason and a co-panelist, sees cybersecurity insurance as “just another tool in the toolkit” of organizations trying to prevent and prepare for cyberattacks.

To think of it as a silver bullet is wrong, Ward reinforced. After Target’s huge 2013 data breach, cyber liability insurance covered only 36% of the company’s associated costs, he reminded the audience.

“A lot of technology is still evolving, changing and improving and the same has to be said with cyber insurance policies. There is a lot of work going into those policies in the development and understanding what’s covered and what’s not. It’s definitely a work in progress,” Ward said.


National cybersecurity strategy can help Ireland cement its place as an infosec hub within Europe

Something interesting has happened in the past year: the term ‘cybersecurity’ has finally entered the mainstream. Due to a period of global instability and numerous cyberattacks by actors eager to take advantage of the uncertainty wrought by Brexit and Trump, the issue of cybersecurity has never […]

UN report: 50% of countries have no cybersecurity strategy in place


Only 38% of countries have a published cybersecurity strategy, and just 12% are in the process of developing one, according to a new report from the United Nations (UN). The Global Cybersecurity Index 2017, created by the UN’s International Telecommunication Union (ITU) and released Wednesday, urges more countries to consider…


Changing Technology Leads Evolving Cybersecurity Strategy


Dr. Jacob Shively, assistant professor of government at the University of West Florida, recently received a GROW Institute grant from the UWF Office of Research and Sponsored Programs to begin to look at the implications of technology and security policy. “My larger area of interest is national security and foreign…


Lessons for business from US cyber security strategy


This month has seen two important events for global cyber security – the updating of the United States government’s cyber security strategy and a detailed briefing on cyber threats from the US intelligence services. The executive order signed by Donald Trump gives individual heads of government agencies the final responsibility…


One year on, is Australia’s cybersecurity strategy on track? Experts respond


Prime Minister Malcolm Turnbull launched Australia’s cybersecurity strategy in April 2016, and more than one year on, there’s work to be done. Upon launch, the strategy was criticised for its lack of funding and vague goals. Among other targets, it aimed to ensure more information was shared between government agencies…


Why digital security should be part of every business strategy


There is no doubt that in the highly digitalised world of 2017, digital security should be part of every business strategy, whether it’s for launching a new app or maintaining a website. We are collecting vast amounts of data – …


5 ways to adapt your mobile security strategy for IoT


Ready or not, the IoT wave is already breaking on enterprise shores. While smart, connected devices mean increased automation and digitisation, they also translate into new challenges that will require companies to shift their approach to security. Already, malware infecting …


The Department of Homeland Security is essential to US cyber strategy


Last week, President-elect Donald Trump formally nominated former commander of United States Southern Command Gen. John F. Kelly to serve as secretary of the Department of Homeland Security (DHS). In his announcement, he cited Gen. Kelly’s “decades of military service
