8 Tips To Navigate Enterprise Security Threats In 2017
In the final post of the three-part series on the evolving security landscape, we sample the experts’ tips on how to bolster our cyber security in 2017.
Posture is everything when it comes to fighting cyber criminals, says information security policy research organization, the Ponemon Institute.
In their race to be more competitive, too many companies give insufficient attention to assessing potential risks before engaging in new business opportunities and changes in operations, it explains.
The answer, says Ponemon, is simple: Slow down and adopt the right security posture.
Ensure the necessary security is built into the applications and that vulnerabilities are addressed. Use several application security controls such as penetration testing, security patch management, and dynamic and static scanning. And make persistent use of security technologies such as advanced access management systems, extensive deployment of encryption technologies, and enterprise deployment of governance, risk management, and compliance tools, it advises.
This methodical approach could be the best contribution you can make to your company’s security in 2017.
Here are eight pro tips for the coming year:
1) Create a security culture
Problem: Taking a overzealous approach to cyber security will alienate people and could inflict more damage on your organization than good.
Answer: Consider how the requirements of confronting the security threats your organization is most likely to face can be adapted to work best within your organizationonal culture, says the Information Security Forum. Anything else is destined to fail.
2) Consider the threats from within
Problem: Reorganizations or corporate acquisitions can create disgruntled or negligent employees, says the Ponemon Institute.
Answer: Ensure processes and technologies are in place to manage end user access to sensitive information, and that there are training and awareness programs to address risks to sensitive data caused by changes in organisational structure and new communication channels.
3) Mitigate third-party risk
Problem: It is not just vulnerabilities in your own systems that can cause problems to your organization, but also in those of your suppliers, customers and other associates.
Answer: Reduce the risk of taking on a significant new supplier or partner by conducting thorough audits and assessments of the third party’s data protection practices, says the Ponemon Institute.
4) Tackle awkward legacies
Problem: As many as 95 percent of automated teller machines in the US run on the 18-year-old Windows XP operating system, even though Microsoft stopped supporting it 15 years ago. It is not the only ageing technology in widespread use.
Answer: ISF recommends identifying and assessing your organization’s exposure to legacy technology. You should also update your system architecture and plan for modernization.
5) Beware the Internet of Things
Problem: Organizations will adopt the Internet of Things with enthusiasm, not realizing that many of these devices are insecure by design.
6) Make attacks less profitable
Problem: Money is the primary motivation of most cyberattacks. And it is a powerful motivator.
Answer: If we can chage the economics of the attack process, reduce the success rate of attacks, and make capture more likely, then we can make targets less interesting, says McAfee.
7) Improve visibility
Problem: Too often, organizations learn how well their assets are protected only after they suffer a breach, says McAfee. Shadow IT, clouds of all types, and the bring-your-own-device movement further obscure visibility.
Answer: Use tools that can identify and classify data, monitor its usage, apply appropriate policies or block movement if necessary. With these tools, organizations can more effectively quantify their risk profile, identify critical gaps, and appropriately focus resources.
8) Embrace the hierarchy
Problem: Security is a big task, getting bigger all the time.
Answer: Include senior business managers to help categorize and priorities threats and actions: particularly when time and budgets are limited, says ISF.
All Posts In This Series: