What are your 2018 cybersecurity intentions?
With another year of too many high-profile, and quite frankly avoidable, data breaches under our belts, it’s time to look forward and identify areas where you may be able to improve your security program, become more efficient, and reduce risk more effectively.
The list below is based on conversations held with numerous CISOs across Europe in 2017 about where they expect their biggest investments and efforts in the year ahead to help them improve the most. Perhaps you’ll find the most recurring themes from these conversations useful, too.
Getting better at the basics. There’s a reason why athletes, or those proficient in anything, make certain to keep themselves sharp with the basics. It’s because the basics, while essential, aren’t always easy to do at high performance day after day. The same is true for security organizations, which need to get identity management, vulnerability management, good software development hygiene in continuous development pipelines, configuration management, cloud security, and more in place. Now is a good time to take a hard look at how well your organization focuses on the basics, and improve where improvement can be made.
Automate. As enterprises move from their legacy data centers to hybrid cloud, and embrace containerization and microservices, the shift is fundamentally changing the way they must secure their environments. The increased speed, agility, and complexity of cloud absolutely demand that automation is increased as fast as possible and wherever possible.
Learn what AI means to your organization. The year 2018 will be the year many organizations grapple with how they’ll manage AI in their cybersecurity efforts. The CISOs interviewed expect machine learning in the next year to be an absolute necessity for keeping up with threats and incident response, but they expect the algorithms to augment the human analyst, not replace them. Mastering these new toolsets will be (or should be) a priority. But as Luana Pascu wrote in "Limitations of Machine Learning algorithms in malware detection", it isn’t a silver bullet as much as a new tool at our disposal.
Get better at defending against ransomware and extortion attacks. Ransomware grew in a profound way in 2017 and there’s no reason to think that this trend will change any time soon. In fact, ransomware attacks are likely to grow more severe over the next few years, and following the success of WannaCry, NotPetya and BadRabbit, expect different types of systems to be targeted by these attacks.
Notifiable Data Breach Scheme. Australia's Notifiable Data Breach Scheme will come into force next month, and there's a lot of responsibility on each organisation to secure the data it holds. Agencies and organisations that suspect an eligible data breach may have occurred must undertake a "reasonable and expeditious assessment" to determine if the data breach is likely to result in serious harm to an individual affected. Failure to comply with the NDB scheme will be "deemed to be an interference with the privacy of an individual", and organisations face a penalty of up to AU$2.1 million, as well as the risk of reputational damage to their brand.
When it comes to implementing cybersecurity intentions this year, not every organization is the same, so the areas your organization may need to focus on could be vastly different. The important thing is to find the most pressing risks and your areas of weaker performance or vulnerabilities and improve them as the year progresses.
Originally published: https://businessinsights.bitdefender.com/2018-cybersecurity-intentions Jan 10, 2018