Turn the Tide on Cyber Security in 2016

Uploaded on 2016-01-04 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

By any measurement, 2015 was another bad year for the world in terms of cyber security. Despite record spending of more than $75 billion USD, losses were still estimated to be around $400 billion, with some firms predicting losses will grow to over $2 trillion by the end of 2020.

But 2016 doesn’t have to be another losing year for cyber security professionals, and there is a way forward to stem the rising global financial losses from organized cybercrime and nation-state actors.
There are lessons we can draw upon from the various high-profile breaches and security exploits ranging from attacks on web services, to the widely publicized car hacks, to the raid of personal data from government agencies and insurance firms.

From the increasing number of attacks on web services, we can learn the lesson of the importance of only keeping the data your organization requires to operate efficiently and to serve your customers’ needs. When customers are no longer customers, it’s time to get rid of the data. The easiest data to protect is the data you no longer hoard.

Let’s face it; every organization is guilty of data hoarding to some extent, whether that’s due to cheap storage costs and the ever-tempting promise of big data that may (and may not) provide key insights to develop new business approaches and strategies.

But keeping data that no longer has clear, tangible, direct benefits to the organization comes now with a security premium and your organization should carefully weigh the benefits of keeping the data versus the costs of securing it and the risk from the damage that it can do if it’s breached and released.

From the car hacks, we can learn the lesson that security can’t be an afterthought and is at its worst when it’s bolted on after the fact. There are also critical lessons to be learned from the way that the patching process was handled. (Patches should not set people up for a behavior that could someday compromise their vehicle’s security).

From attacks against government agencies and insurers, we learn the value and limits of integrated defensive technologies. The fact that these attacks were successful against organizations with significant security investments highlights that while systemic security solutions play a key role in modern security, they are also not the silver bullets that customers may believe them to be.

A true, holistic, pan-organization approach to cyber security is required to thrive and survive in 2016.

At the University of New Brunswick, a medium-sized teaching and research school in New Brunswick, Canada, we’ve embarked on a four-pronged strategy to improve our security and reduce our risk.

Each of these initiatives is just as important and integral to the overall success of the strategy as the other. The first three don’t even involve technology investments, while the fourth is a comprehensive, multi-year overhaul of our network and security architecture. Together they form our holistic approach to cybersecurity.

#1. The first initiative is a new IT security policy designed to help all levels of leadership at the university – including managers, directors, executives and the deans – understand their role in protecting UNB data and technology assets, and how they can help us effectively respond in a timely manner to incidents.

#2. The second initiative is a data governance exercise that forms one-half of a behavioral and cultural change effort. Through this exercise, the university aims to identify, classify and protect all sensitive data in its custody. In a highly decentralized organization, such as a university, this is not an easy feat. However, its importance cannot be overstated – you can’t protect the data you didn’t even know existed.

#3. The third initiative is a comprehensive, year-round cyber security awareness campaign that leverages computer-based training, a SaaS phishing testing and education platform, internal and external blog posts, items in internal communications e-newsletters, as well as group and one-on-one security briefings.

#4. The fourth initiative, a comprehensive overhaul of network and security architecture, will impact all aspects of information technology use at the university. The new architecture is based on a set of principles that will help UNB achieve a digital immune system through the use of technologies that share threat information. This threat information is then used to automate responses to different incidents based on threat severity and asset importance. To do this, the vision is for UNB to integrate technologies, such as NAC, SIEM, next generation firewalls, advanced gateway anti-malware, endpoint protection and asset management.

This level of integration is essential for the university to respond to the overwhelming scale of threats it faces on a daily basis with a limited number of human resources to handle incidents. This same problem will become increasingly acute across all sectors as the talent shortage in cyber security continues to persist.

Tackling cyber security in 2016 is going to take a lot of patience, strategic thinking and investment but if an organization can muster all of these elements, they will find themselves in much better shape to face an increasingly hostile online environment.

Tripwire: http://bit.ly/1YUrwKX

« Turkish Hackers Threaten To Shutdown Russian Government Websites
Cyberwar: Islamic State, Russia & China Hold The Advantage »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Secure Identity Alliance (SIA)

Secure Identity Alliance (SIA)

The Secure Identity Alliance is dedicated to supporting sustainable worldwide economic growth and prosperity through the development of trusted digital identities and the adoption of secure eServices.

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity provide solutions for Secure Networks, Secure Communications, Network Analysis, and Endpoint Security.

DOS

DOS

DOS is an Ecuadorian company with 3 decades of presence in the market and extensive experience in the planning, management and execution of IT Service Integration Projects.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

INVISUS

INVISUS

INVISUS protects businesses against the latest cyber risks – including business and employee identity theft, data breaches, and cybersecurity compliance.

Experis

Experis

Experis provide IT resourcing, project solutions and managed services. We enable organizations to cultivate individuals and teams prepared for the digital age.

Regulativ.ai

Regulativ.ai

Regulativ.ai is an innovative and comprehensive platform, driven by AI, to address the regulatory and compliance needs of Cyber Security Regulatory compliance and reporting.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

RealTyme

RealTyme

RealTyme is a secure communication and collaboration platform with privacy and human experience at its core.

Focus Digitech

Focus Digitech

Focus Digitech helps you with your digital transformation journey with our main core offerings of Cloud, Cybersecurity, Analytics and DevOps.

Framework Security

Framework Security

With Framework Security, you get more than a consultancy; you get a partner dedicated to simplifying cybersecurity and protecting your business in the most efficient way possible.

Data Computer Services

Data Computer Services

Data Computer Services provides professional tailored IT Support and IT Services for businesses throughout Edinburgh and the Lothians.