In the build up to 2016, Chris Pace, head of product marketing at Wallix offers his predictions for the year ahead.
Security is security is security
2016 should be the year we stop categorising the difference between insider threats and externals attacks. The biggest challenge for the year ahead will be joining up traditional perimeter defences with better protection against attacks from the inside.
2016: Time to review internal security
Gartner has predicted that 95 per cent of cloud security failures will be the customer’s fault and more specifically, are attributable to poor internal security practices. Being able fully to trace and managed the internal movement of data isn’t just going to be important if you have a cloud provider.
It makes security sense too. If you look at the most high-profile hacks of recent years, weak internal defences are the common denominator. After the initial breach, when there are few internal barriers, lateral movement and therefore damage is easy. Strengthening internal access provision isn’t just a cyber threat deterrent, it prevents the likelihood of data breach from insiders, which actually accounts for the majority of data breaches. In 2016 we will have another reason too – complying with EU’s GDPR will require a review of how data is stored, processed and moved.
Cyber risk mitigation: Steps to take before investing in a cyber insurance policy
If your firm is considering a cyber insurance policy, you are not alone. Cyber is now considered the biggest threat to UK businesses and the meteoric rise of the cyber insurance market is proof of that demand. Paying an insurance company to share some business risk makes good commercial sense. But be warned, putting a cyber-premium in place does not guarantee a payout should a breach occur unless all required security measures are enforced.
According to a study we conducted, around half of IT pros weren’t able to tell if necessary security software updates were being made successfully, or if ex-employees or contractors still had access to the systems. Better, instead, focus on getting some of these basic security measures in place and ensuring the IT department is involved in any decision making regarding a cyber policy from the start.
Data loss to become a people issue, not just a tech problem
CISOs under pressure to provide impermeable defences against external threats may be relieved to hear current thinking suggests that enterprise security should be managed holistically, i.e., by the IT department working in conjunction with other business areas, like HR. Organisations may be missing ‘predictable behaviour cues’ that would presage a hack. In the holistic model, the IT department provides the IT security tools and the HR department provides the appropriate processes and procedures that need to be followed, as well as creating a necessarily more ‘vigilant’ culture.
With the Christmas bonus season nearly upon us, what’s the chance that a disappointed worker will start to display behaviour that warrants closer scrutiny?
TalkTalk Lessons: IT security needs to come out of the shadows
I sincerely hope there will be many lessons learned from the TalkTalk hack. Perhaps the most important is to have strong, IT-literate leadership. If cybercrime is the number one threat to UK business, why are there so few technology experts at board-level? TalkTalk should be the battering ram security professionals use to open up the C-suite over the next 12 months.
This festive season, that’s something we can all raise a glass to.
Image source: Shutterstock/m00osfoto