Turn the Tide on Cyber Security in 2016

Uploaded on 2016-01-04 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

By any measurement, 2015 was another bad year for the world in terms of cyber security. Despite record spending of more than $75 billion USD, losses were still estimated to be around $400 billion, with some firms predicting losses will grow to over $2 trillion by the end of 2020.

But 2016 doesn’t have to be another losing year for cyber security professionals, and there is a way forward to stem the rising global financial losses from organized cybercrime and nation-state actors.
There are lessons we can draw upon from the various high-profile breaches and security exploits ranging from attacks on web services, to the widely publicized car hacks, to the raid of personal data from government agencies and insurance firms.

From the increasing number of attacks on web services, we can learn the lesson of the importance of only keeping the data your organization requires to operate efficiently and to serve your customers’ needs. When customers are no longer customers, it’s time to get rid of the data. The easiest data to protect is the data you no longer hoard.

Let’s face it; every organization is guilty of data hoarding to some extent, whether that’s due to cheap storage costs and the ever-tempting promise of big data that may (and may not) provide key insights to develop new business approaches and strategies.

But keeping data that no longer has clear, tangible, direct benefits to the organization comes now with a security premium and your organization should carefully weigh the benefits of keeping the data versus the costs of securing it and the risk from the damage that it can do if it’s breached and released.

From the car hacks, we can learn the lesson that security can’t be an afterthought and is at its worst when it’s bolted on after the fact. There are also critical lessons to be learned from the way that the patching process was handled. (Patches should not set people up for a behavior that could someday compromise their vehicle’s security).

From attacks against government agencies and insurers, we learn the value and limits of integrated defensive technologies. The fact that these attacks were successful against organizations with significant security investments highlights that while systemic security solutions play a key role in modern security, they are also not the silver bullets that customers may believe them to be.

A true, holistic, pan-organization approach to cyber security is required to thrive and survive in 2016.

At the University of New Brunswick, a medium-sized teaching and research school in New Brunswick, Canada, we’ve embarked on a four-pronged strategy to improve our security and reduce our risk.

Each of these initiatives is just as important and integral to the overall success of the strategy as the other. The first three don’t even involve technology investments, while the fourth is a comprehensive, multi-year overhaul of our network and security architecture. Together they form our holistic approach to cybersecurity.

#1. The first initiative is a new IT security policy designed to help all levels of leadership at the university – including managers, directors, executives and the deans – understand their role in protecting UNB data and technology assets, and how they can help us effectively respond in a timely manner to incidents.

#2. The second initiative is a data governance exercise that forms one-half of a behavioral and cultural change effort. Through this exercise, the university aims to identify, classify and protect all sensitive data in its custody. In a highly decentralized organization, such as a university, this is not an easy feat. However, its importance cannot be overstated – you can’t protect the data you didn’t even know existed.

#3. The third initiative is a comprehensive, year-round cyber security awareness campaign that leverages computer-based training, a SaaS phishing testing and education platform, internal and external blog posts, items in internal communications e-newsletters, as well as group and one-on-one security briefings.

#4. The fourth initiative, a comprehensive overhaul of network and security architecture, will impact all aspects of information technology use at the university. The new architecture is based on a set of principles that will help UNB achieve a digital immune system through the use of technologies that share threat information. This threat information is then used to automate responses to different incidents based on threat severity and asset importance. To do this, the vision is for UNB to integrate technologies, such as NAC, SIEM, next generation firewalls, advanced gateway anti-malware, endpoint protection and asset management.

This level of integration is essential for the university to respond to the overwhelming scale of threats it faces on a daily basis with a limited number of human resources to handle incidents. This same problem will become increasingly acute across all sectors as the talent shortage in cyber security continues to persist.

Tackling cyber security in 2016 is going to take a lot of patience, strategic thinking and investment but if an organization can muster all of these elements, they will find themselves in much better shape to face an increasingly hostile online environment.

Tripwire: http://bit.ly/1YUrwKX

« Turkish Hackers Threaten To Shutdown Russian Government Websites
Cyberwar: Islamic State, Russia & China Hold The Advantage »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

International Conference on Information Systems Security & Privacy (ICISSP)

International Conference on Information Systems Security & Privacy (ICISSP)

The ICISSP event is a meeting point for researchers and practitioners to address security and privacy challenges concerning information systems.

IoT European Research Cluster (IERC)

IoT European Research Cluster (IERC)

IERC brings together EU-funded projects with the aim of defining a common vision for IoT technology and development research challenges.

Waratek

Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

US Cyber Range

US Cyber Range

US Cyber Range is a scalable, cloud-hosted infrastructure providing students with virtual environments for realistic, hands-on cybersecurity labs and exercises.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

Integrity

Integrity

Integrity is a PCI QSA and ISO 27001 certified company specialized in Information Security and IT Consulting.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

BlueHalo

BlueHalo

BlueHalo is purpose-built to provide industry capabilities in the domains of Space Superiority and Directed Energy, Missile Defense and C4ISR, and Cyber and Intelligence.

Digimune

Digimune

Digimune is an all-encompassing cloud-based cyber risk protection platform that guards you against the dangers of our digital world.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.

SecureLake

SecureLake

SecureLake (formerly Managni) is one of the most trusted US-based IT security and infrastructure companies.

Cyber Qubits

Cyber Qubits

Cyber Qubits is a cybersecurity training and consulting company focused on developing the next generation of cybersecurity professionals.

Invisinet Technologies

Invisinet Technologies

Invisinet is a cybersecurity technology company specializing in innovative solutions that protect network infrastructure and critical assets from advanced threats.