Turn the Tide on Cyber Security in 2016

By any measurement, 2015 was another bad year for the world in terms of cyber security. Despite record spending of more than $75 billion USD, losses were still estimated to be around $400 billion, with some firms predicting losses will grow to over $2 trillion by the end of 2020.

But 2016 doesn’t have to be another losing year for cyber security professionals, and there is a way forward to stem the rising global financial losses from organized cybercrime and nation-state actors.
There are lessons we can draw upon from the various high-profile breaches and security exploits ranging from attacks on web services, to the widely publicized car hacks, to the raid of personal data from government agencies and insurance firms.

From the increasing number of attacks on web services, we can learn the importance of keeping only the data your organization requires to operate efficiently and to serve your customers’ needs. When customers are no longer customers, it’s time to get rid of the data. The easiest data to protect is the data you no longer hoard.

Let’s face it: every organization is guilty of data hoarding to some extent, whether that’s due to cheap storage costs or the ever-tempting promise of big data that may (or may not) provide key insights to develop new business approaches and strategies.

But keeping data that no longer has clear, tangible, direct benefits to the organization now comes with a security premium, and your organization should carefully weigh the benefits of keeping the data against the costs of securing it and the damage it can do if it’s breached and released.

From the car hacks, we can learn the lesson that security can’t be an afterthought and is at its worst when it’s bolted on after the fact. There are also critical lessons to be learned from the way that the patching process was handled. (Patches should not set people up for a behavior that could someday compromise their vehicle’s security.)

From attacks against government agencies and insurers, we learn the value and limits of integrated defensive technologies. The fact that these attacks were successful against organizations with significant security investments highlights that while systemic security solutions play a key role in modern security, they are also not the silver bullets that customers may believe them to be.

A true, holistic, pan-organization approach to cyber security is required to thrive and survive in 2016.

At the University of New Brunswick, a medium-sized teaching and research school in New Brunswick, Canada, we’ve embarked on a four-pronged strategy to improve our security and reduce our risk.

Each of these initiatives is just as important and integral to the overall success of the strategy as the others. The first three don’t even involve technology investments, while the fourth is a comprehensive, multi-year overhaul of our network and security architecture. Together they form our holistic approach to cybersecurity.

#1. The first initiative is a new IT security policy designed to help all levels of leadership at the university – including managers, directors, executives and the deans – understand their role in protecting UNB data and technology assets, and how they can help us effectively respond in a timely manner to incidents.

#2. The second initiative is a data governance exercise that forms one-half of a behavioral and cultural change effort. Through this exercise, the university aims to identify, classify and protect all sensitive data in its custody. In a highly decentralized organization, such as a university, this is not an easy feat. However, its importance cannot be overstated – you can’t protect the data you didn’t even know existed.

#3. The third initiative is a comprehensive, year-round cyber security awareness campaign that leverages computer-based training, a SaaS phishing testing and education platform, internal and external blog posts, items in internal communications e-newsletters, as well as group and one-on-one security briefings.

#4. The fourth initiative, a comprehensive overhaul of network and security architecture, will impact all aspects of information technology use at the university. The new architecture is based on a set of principles that will help UNB achieve a digital immune system through the use of technologies that share threat information. This threat information is then used to automate responses to different incidents based on threat severity and asset importance. To do this, the vision is for UNB to integrate technologies such as NAC, SIEM, next generation firewalls, advanced gateway anti-malware, endpoint protection and asset management.

This level of integration is essential for the university to respond to the overwhelming scale of threats it faces on a daily basis with a limited number of human resources to handle incidents. This same problem will become increasingly acute across all sectors as the talent shortage in cyber security persists.

Tackling cyber security in 2016 is going to take a lot of patience, strategic thinking and investment, but if an organization can muster all of these elements, it will find itself in much better shape to face an increasingly hostile online environment.

Tripwire: http://bit.ly/1YUrwKX
