Turn the Tide on Cyber Security in 2016

Uploaded on 2016-01-04 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

By any measurement, 2015 was another bad year for the world in terms of cyber security. Despite record spending of more than $75 billion USD, losses were still estimated to be around $400 billion, with some firms predicting losses will grow to over $2 trillion by the end of 2020.

But 2016 doesn’t have to be another losing year for cyber security professionals, and there is a way forward to stem the rising global financial losses from organized cybercrime and nation-state actors.
There are lessons we can draw upon from the various high-profile breaches and security exploits ranging from attacks on web services, to the widely publicized car hacks, to the raid of personal data from government agencies and insurance firms.

From the increasing number of attacks on web services, we can learn the lesson of the importance of only keeping the data your organization requires to operate efficiently and to serve your customers’ needs. When customers are no longer customers, it’s time to get rid of the data. The easiest data to protect is the data you no longer hoard.

Let’s face it; every organization is guilty of data hoarding to some extent, whether that’s due to cheap storage costs and the ever-tempting promise of big data that may (and may not) provide key insights to develop new business approaches and strategies.

But keeping data that no longer has clear, tangible, direct benefits to the organization comes now with a security premium and your organization should carefully weigh the benefits of keeping the data versus the costs of securing it and the risk from the damage that it can do if it’s breached and released.

From the car hacks, we can learn the lesson that security can’t be an afterthought and is at its worst when it’s bolted on after the fact. There are also critical lessons to be learned from the way that the patching process was handled. (Patches should not set people up for a behavior that could someday compromise their vehicle’s security).

From attacks against government agencies and insurers, we learn the value and limits of integrated defensive technologies. The fact that these attacks were successful against organizations with significant security investments highlights that while systemic security solutions play a key role in modern security, they are also not the silver bullets that customers may believe them to be.

A true, holistic, pan-organization approach to cyber security is required to thrive and survive in 2016.

At the University of New Brunswick, a medium-sized teaching and research school in New Brunswick, Canada, we’ve embarked on a four-pronged strategy to improve our security and reduce our risk.

Each of these initiatives is just as important and integral to the overall success of the strategy as the other. The first three don’t even involve technology investments, while the fourth is a comprehensive, multi-year overhaul of our network and security architecture. Together they form our holistic approach to cybersecurity.

#1. The first initiative is a new IT security policy designed to help all levels of leadership at the university – including managers, directors, executives and the deans – understand their role in protecting UNB data and technology assets, and how they can help us effectively respond in a timely manner to incidents.

#2. The second initiative is a data governance exercise that forms one-half of a behavioral and cultural change effort. Through this exercise, the university aims to identify, classify and protect all sensitive data in its custody. In a highly decentralized organization, such as a university, this is not an easy feat. However, its importance cannot be overstated – you can’t protect the data you didn’t even know existed.

#3. The third initiative is a comprehensive, year-round cyber security awareness campaign that leverages computer-based training, a SaaS phishing testing and education platform, internal and external blog posts, items in internal communications e-newsletters, as well as group and one-on-one security briefings.

#4. The fourth initiative, a comprehensive overhaul of network and security architecture, will impact all aspects of information technology use at the university. The new architecture is based on a set of principles that will help UNB achieve a digital immune system through the use of technologies that share threat information. This threat information is then used to automate responses to different incidents based on threat severity and asset importance. To do this, the vision is for UNB to integrate technologies, such as NAC, SIEM, next generation firewalls, advanced gateway anti-malware, endpoint protection and asset management.

This level of integration is essential for the university to respond to the overwhelming scale of threats it faces on a daily basis with a limited number of human resources to handle incidents. This same problem will become increasingly acute across all sectors as the talent shortage in cyber security continues to persist.

Tackling cyber security in 2016 is going to take a lot of patience, strategic thinking and investment but if an organization can muster all of these elements, they will find themselves in much better shape to face an increasingly hostile online environment.

Tripwire: http://bit.ly/1YUrwKX

« Turkish Hackers Threaten To Shutdown Russian Government Websites
Cyberwar: Islamic State, Russia & China Hold The Advantage »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

Interpol

Interpol

Interpol is the world’s largest international police organization. It is committed to the global fight against cybercrime, as well as tackling cyber-enabled crimes.

Cyber Defense Agency (CDA)

Cyber Defense Agency (CDA)

Cyber Defense Agency is a premier professional services firm specializing in cyber security, computer network defense, and information security.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

Uniwan

Uniwan

Uniwan is an IT services company specializing in networking and security.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

Coretelligent

Coretelligent

Coretelligent is a leading providers of Managed and Co-Managed IT, cybersecurity and private cloud services.

Cymune

Cymune

At Cymune we help businesses to fight against cybercrime, protect patented data and diminish security risks.

Quartz Network

Quartz Network

Quartz Network is a curated community for change-makers, up-and-comers, and professionals who are ready to grow, adapt, and thrive.

Avrem Technologies

Avrem Technologies

Avrem Technologies is a business IT and cybersecurity consulting firm. We design, implement, manage and monitor the networks, servers, computers and software that our clients rely on each day.

Redington Group

Redington Group

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Krash Consulting

Krash Consulting

Krash Consulting is a premier provider of Cyber Security solutions, offering a range of services to safeguard businesses against cyber-attacks, minimize fraud, and protect brand reputation globally.

SKADI Cyber Defense

SKADI Cyber Defense

At SKADI Cyber Defense, we specialize in enterprise-grade cybersecurity solutions tailored for small to medium businesses.

Click Studios

Click Studios

Click Studios is an Agile software development company specialising in the development of a secure Enterprise Password Management solution called Passwordstate.