The year 2017 may be known as the year of ransomware, but what will 2018 be known for? Though we cannot predict in what industry the next wave of ransomware will strike, or even when it will strike, we feel that "this may be the year" for cybersecurity to get a seat at the head table.
Data Security
As noted by Forbes, the three areas hit hard by large-scale breaches in 2017 included financial and credit data, healthcare care information, and government clearance information. And as Gil Press clearly points out, "Our Identity is no longer ours", as the validity of Personally Identifiable Information (PII) has been compromised during the last few years.
As we close out on our first month of the year, the number of and magnitude of data breaches that occurred is alarming. From Equifax in 2017 to Aadhaar's data breach right after the new year began, it remains abundantly clear that data security is still a significant challenge for organizations.
System Security
Passwords
Password hacking techniques have evolved, and though many organizations are concerned about data being stolen or compromised, password security practices must also be evaluated. From 2016 to 2017 the DBIR reported an increase in the percentage of security incidents involving weak, default, or stolen passwords, with an increase of 63 to 81 percent.
In 2017, we talked about password security weaknesses, which included:
- Shared system credentials
- Providing passwords to direct managers
- Handing account access to coworkers
- Physically recording passwords on paper or digital documents
And though the idea of putting a password on a post-it note, or even on a piece of paper may seem archaic, and obviously insecure, there have been reports of the Hawaii agency that alerted the state to a false missile alarm kept passwords on post-its.
People
As we have learned over time, your people are the weakest link. As we previously discussed, whether intentional or accidental, insider threats continue to plague organizations.
With the latest Opus and Ponemon survey, the number one concern as to why a data breach will occur and the top security threat: is the human factor. The survey also reports that 70% of CISOs cite “lack of competent in-house staff” as their number one concern and 65% state “inadequate in-house expertise” as the top reason they are likely to have a data breach.
Cybersecurity tips for staff can include:
- Meet to conduct IT security training
- No downloading of unauthorized software
- Define and explain cybersecurity policies
- Implement password protocols
- Educate employees about phishing scams
Policy
At the start of 2017, we released a blog to our readers with 13 Reasons Outdated Data Security Policies Put Companies at Risk. Some of those factors included:
- Unmanageable Environment Changes
- Not screening newly hired associates or vendors
- No incident response plan
- Minimal formal security awareness
- Uncertainty of compliance initiatives
Ultimately maintaining a safe network is the goal for organizations, and in order to begin or even enforce any type of policy, an organization has to begin by knowing what the current policy is.
With the General Data Protection Regulation (GDPR) deadline looming in May 2018, these regulations will not just set policy on how businesses handle the data but will also ensure businesses comply by levying fines.
Ray Schultz's recent post on GDPR readiness show only 33 percent of companies overall are hiring a third party to conduct a GDPR analysis and less than 20 percent are hiring a Data Protection Officer (DPO).
Cybersecurity at the Head Table
With cyberattacks reported to be targeting small businesses at a rate of 61 percent, and large organizations in the news regarding larger breaches, cybersecurity concerns are beginning to matter to organizations of every size. Christopher Young of McAfee was recently noted as talking about the incorporation of cybersecurity within the company culture and its importance.
The above security objectives combined with the right software may help with data security and enforce cybersecurity policies. File Integrity Monitoring (FIM) is used by many as a way to secure systems from zero-day attacks, manage change within the IT infrastructure, and meet compliance objectives with regulations such as PCI DSS, HIPAA, GDPR, NERC, FISMA, and GLBA compliance.
The FIM market is expected to increase from $513 million to $986 million by 2022, as organizations have an increased need to protect and secure data. Want to learn more about how to keep your infrastructure secure? Download the Definitive Guide to File Integrity Monitoring today.
Tags:
CybersecurityJanuary 18, 2018