What are the main cyber security trends and focus areas for IT Managers and Chief Security Officers so far in 2018?
One thing we know for sure is that cyber security won’t be taking a lower profile as IT embeds itself at the core of organisations becoming a true business enabler.
IT is at the core of organisations and if there is a glitch then the business impact is profound. It is therefore beneficial to be able to focus limited resources and efforts on the priorities that will really
make the biggest difference.
So the question is what will be HOT and what will NOT in 2018. The list below, while not being exhaustive, gives a focus on what you should be prioritising.
25th May 2018 is the date the GDPR will come into force. The regulation will affect literally every organisation that holds personal data. With the increasing regulatory powers for investigation and enforcement, firms not complying with the regulation could face severe penalties.
GDPR must, therefore, be high on the list of business priorities and a comprehensive approach to GDPR compliance will necessitate a comprehensive review of policy, process and technology.
In the face of the new breed of sophisticated, adaptable forms of cyber attacks, traditional Anti-Virus is becoming redundant. The approach of traditional Anti-Virus which is based of signatures relies on threats having been detected and updates being propagated to clients before an attack occurs.
Organisations need multiple layers of protection to stand any chance of detecting and blocking new threats some of which can dynamically probe and adapt to the host environment.
Anti-Virus is still essential especially if it also monitors for abnormal behaviour, however if it is your primary line of defence, expect the worst, as Robert Mueller says, you will be attacked, depending solely on Anti-Virus increases the likelihood of it happen sooner and more frequent.
2017 saw the spread of global ransomware variants Wannacry and Nyetya. Wannacry made significant parts of the NHS powerless while Nyetya caused major losses for businesses. Fedex counted losses in excess of $300m and at one stage had to resort to WhatsApp for internal communications due to compromised email systems.
The ransomware ‘business model’ has stepped up a notch with it being made available to buy as a service. The avatar of the attacker has suddenly changed from a stereotypical hoody wearing geek to just about anyone who can pay with some Bitcoin.
Ransomware has been the most profitable form of cyber attack to date and franchising it just made it cement it’s pole position as the number one threat in 2018.
Statistics indicate that nearly 50% of workforces are mobile, meaning they access their organisation’s IT applications from remote locations to the organisation’s offices. The ubiquitous VPN has been the secure way of connecting.
With the various flavours and increasing range of users requiring connections, VPNs are becoming a greater management overhead and an increasing security risk especially if the controls are not kept up to date with the threats.
A need for a more sophisticated and granular method of providing remote access is emerging where users are connected only to what they require, when they require it and furthermore their security posture is established even before they are allowed any connectivity.
Organisations having realised the benefits of cloud adoption have embraced it while mitigating the risks as best they can. The benefits of the cloud in many instances include lower operational costs, agility, increased resilience and scalability.
Cloud adoption is also well suited to the growth of a mobile workforce who need anytime anywhere access to their applications. Securing the cloud data and user access is however an area of cloud implementation that is emerging as a focus area that businesses have not paid sufficient attention to.
Technologies such as secure DNS and the secure Internet gateway are solutions that are highly likely to gain a lot of traction as organisations audit and protect cloud connectivity from a range of emerging cyber threats.
There will inevitably be questions about security topics such as BlockChain, IoT and Phishing just to name a few. Let us know how your list wouldn’t be different.
Trial Cisco Umbrella for 14 Days, completely free and no obligations!
If you have read the last few updates you should now have a deeper understanding of Cloud Security, that’s great! But what can YOU do about it?
We are offering a 14 day trial of Cisco Umbrella, the industry’s first Secure Internet Gateway in the cloud.
Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.
It takes no time to install and you don’t have to provide any payment details (or even have a phone call).
So what’s to lose?
Click here to start your trial!