We’re just over a week away from New Year’s Eve and the standard resolutions made by all. Along with the resolutions (which are mostly forgotten) come hopes and predictions for the year ahead, and the security industry is no different. Guillermo Lafuente, Security Consultant at MWR InfoSecurity, has provided the following predictions for 2015:
“The news of data breaches involving advanced attacks in 2014 has been astonishing. The latest one, affecting Sony, clearly demonstrates that defending your perimeter is not enough. CSOs will need a strategy in place that will help in detecting and reacting against such advanced attacks when they happen.
At the same time, reliance on cloud technology is increasing. CSOs need to have a clear understanding of the threats that cloud technology is facing and make adequate investment where needed in order to mitigate those threats.
If your organization is using, or planning to use, big data, then it will be time to create security policies for the big data solution.
In summary, CSOs’ New Year’s resolutions should be:
· Invest in attack detection and incident response: make sure your organization has the capability to detect and react against advanced attacks.
· Protect your internal network: perimeter defences can be bypassed and are usually inadequate against internal attackers. Make sure sufficient investment is made in having your internal network as secure as your perimeter.
· Cloud Security: make sure your organization has adequate security policies when dealing with cloud technology. Your company should remember security when selecting a provider.
· Big Data: if you are using or planning to use big data technologies, make sure that security risks are understood and mitigated, and security policies are in place.
IT managers:
Mobile, cloud and big data technologies are causing data to become increasingly less centralised. This makes the job of protecting data more challenging for IT managers as protecting individual systems is no longer a valid approach in order to keep company data safe.
On the other hand, many companies lack the necessary expertise in-house to adequately manage security. It is important that IT managers analyse the security knowledge of their staff and invest in training. Also, they should consider bringing in external help when needed.
Security breaches in 2014 have shown us that securing the perimeter is not enough to keep company data safe. Perimeter security can be easily bypassed and therefore IT managers will need to invest in 2015 in increasing capability for detecting advanced malware and data exfiltration.
In summary, IT managers’ New Year’s resolutions should be:
· Create a strategy based on data: security should be data based rather than device based. Think what data is critical for your business and think how you could protect it.
· Invest in training: Adequately trained staff will help prevent breaches. When needed, bring external help.
· Attack detection and incident response: make sure your team is ready to detect an attack and react to it. Invest money in making sure a data breach can be detected as early as possible.
· Don’t forget the classics: keep your systems up to date, make sure you have an adequate password management or identity management system in place, and back up and encrypt your data.”