Turn the Tide on Cyber Security in 2016

By any measurement, 2015 was another bad year for the world in terms of cyber security. Despite record spending of more than $75 billion USD, losses were still estimated to be around $400 billion, with some firms predicting losses will grow to over $2 trillion by the end of 2020.

But 2016 doesn’t have to be another losing year for cyber security professionals, and there is a way forward to stem the rising global financial losses from organized cybercrime and nation-state actors.
There are lessons we can draw upon from the various high-profile breaches and security exploits ranging from attacks on web services, to the widely publicized car hacks, to the raid of personal data from government agencies and insurance firms.

From the increasing number of attacks on web services, we can learn the lesson of the importance of only keeping the data your organization requires to operate efficiently and to serve your customers’ needs. When customers are no longer customers, it’s time to get rid of the data. The easiest data to protect is the data you no longer hoard.

Let’s face it; every organization is guilty of data hoarding to some extent, whether that’s due to cheap storage costs and the ever-tempting promise of big data that may (and may not) provide key insights to develop new business approaches and strategies.

But keeping data that no longer has clear, tangible, direct benefits to the organization comes now with a security premium and your organization should carefully weigh the benefits of keeping the data versus the costs of securing it and the risk from the damage that it can do if it’s breached and released.

From the car hacks, we can learn the lesson that security can’t be an afterthought and is at its worst when it’s bolted on after the fact. There are also critical lessons to be learned from the way that the patching process was handled. (Patches should not set people up for a behavior that could someday compromise their vehicle’s security).

From attacks against government agencies and insurers, we learn the value and limits of integrated defensive technologies. The fact that these attacks were successful against organizations with significant security investments highlights that while systemic security solutions play a key role in modern security, they are also not the silver bullets that customers may believe them to be.

A true, holistic, pan-organization approach to cyber security is required to thrive and survive in 2016.

At the University of New Brunswick, a medium-sized teaching and research school in New Brunswick, Canada, we’ve embarked on a four-pronged strategy to improve our security and reduce our risk.

Each of these initiatives is just as important and integral to the overall success of the strategy as the other. The first three don’t even involve technology investments, while the fourth is a comprehensive, multi-year overhaul of our network and security architecture. Together they form our holistic approach to cybersecurity.

#1. The first initiative is a new IT security policy designed to help all levels of leadership at the university – including managers, directors, executives and the deans – understand their role in protecting UNB data and technology assets, and how they can help us effectively respond in a timely manner to incidents.

#2. The second initiative is a data governance exercise that forms one-half of a behavioral and cultural change effort. Through this exercise, the university aims to identify, classify and protect all sensitive data in its custody. In a highly decentralized organization, such as a university, this is not an easy feat. However, its importance cannot be overstated – you can’t protect the data you didn’t even know existed.

#3. The third initiative is a comprehensive, year-round cyber security awareness campaign that leverages computer-based training, a SaaS phishing testing and education platform, internal and external blog posts, items in internal communications e-newsletters, as well as group and one-on-one security briefings.

#4. The fourth initiative, a comprehensive overhaul of network and security architecture, will impact all aspects of information technology use at the university. The new architecture is based on a set of principles that will help UNB achieve a digital immune system through the use of technologies that share threat information. This threat information is then used to automate responses to different incidents based on threat severity and asset importance. To do this, the vision is for UNB to integrate technologies, such as NAC, SIEM, next generation firewalls, advanced gateway anti-malware, endpoint protection and asset management.

This level of integration is essential for the university to respond to the overwhelming scale of threats it faces on a daily basis with a limited number of human resources to handle incidents. This same problem will become increasingly acute across all sectors as the talent shortage in cyber security continues to persist.

Tackling cyber security in 2016 is going to take a lot of patience, strategic thinking and investment but if an organization can muster all of these elements, they will find themselves in much better shape to face an increasingly hostile online environment.

Tripwire: http://bit.ly/1YUrwKX

« Turkish Hackers Threaten To Shutdown Russian Government Websites
Cyberwar: Islamic State, Russia & China Hold The Advantage »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

A10 Networks

A10 Networks

A10 Networks is a leader in application networking, helping organizations of all sizes to accelerate, optimize and secure their applications.

Zscaler

Zscaler

Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

Igloo Security

Igloo Security

Igloo Security is a leader and pioneer in SIEM (Security Information & Event Management), PSIM (Physical Security Information Management) and MSS (Managed Security Services).

Thinkst Applied Research

Thinkst Applied Research

Thinkst is an Applied Research company with a deep focus on information security.

IoT Security Institute (IoTSI)

IoT Security Institute (IoTSI)

IoT Security Institute is an academic and industry body dedicated to providing frameworks and supporting educational services to assist in managing security within an Internet of Things eco-system.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

JM Search

JM Search

JM Search’s Information Technology Executives Practice sources the most sought-after technology roles including CIO, CTO, CISO, CDO and other senior posts.

High Security Center (HSC)

High Security Center (HSC)

High Security Center provide real-time threat protection. We protect your company from targeted and persistent attacks using technologies such as Machine Learning and Behavioral Analysis.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

Maritime Cyber Threats Research Group - University of Plymouth

Maritime Cyber Threats Research Group - University of Plymouth

The Maritime Cyber Threats research group of the University of Plymouth is focused on investigating marine cyber threats and researching solutions.

NAK Consulting Services

NAK Consulting Services

NAK is helping organisations to create Secure, Agile IT Environments. Our goal is to be the trusted advisor and managed service partner for our clients.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

Obscure Technologies

Obscure Technologies

Obscure Technologies is a firm of experts, specialised in brokering the best security solutions to market.

Hackurity.io

Hackurity.io

Hackurity.io is a high energy IT security start-up founded in 2021 out of the frustration that IT Security is highly fragmented and reactive.