With another year of too many high profile, and quite frankly avoidable, data breaches under our belts, it’s time to take a look forward and identify areas where you may be able to improve your security program and hopefully become more efficient and reduce risk more effectively.
The list below is based on my late year 2017 conversations with numerous CISOs and where they see making the biggest investments and effort in the year ahead will help them improve the most. Perhaps you’ll find the most recurring themes from these conversations useful, too.
Getting better at the basics. There’s a reason why athletes, or those proficient in anything, make certain to keep themselves sharp with the basics. It’s because the basics, while essential, aren’t necessarily easy to do at high performance day after day. The same is true for security organizations. That means getting identity management, vulnerability management, good software development hygiene in continuous development pipelines, configuration management, cloud security, and more in place. Now is a good time to take a hard look at how well your organization focuses on the basics, and improve where improvement can be made.
Automate. As we’ve covered in Automation Is Key, as enterprises move from their legacy data centers to hybrid cloud, and embrace containerization and microservices, it is fundamentally changing the way they must secure their environments. The increased speed, agility, and complexity of cloud absolutely demands that automation be increased as much as possible and wherever possible.
Learn what AI means to your organization. The year 2018 will be the year many organizations grapple with how they’ll manage AI in their cybersecurity efforts. The CISOs I interviewed expect machine learning in the next year to be an absolute necessity for keeping up with threats and incident response, but it’s expected to be a matter of the algorithms augmenting the human analyst, not replacing them. Mastering these new toolsets will be (or should be) a priority. But as Luana Pascu wrote in Limitations of Machine Learning Algorithms in Malware Detection, machine learning isn’t a silver bullet so much as a new tool at our disposal.
Get better at defending against ransomware and extortion attacks. Ransomware grew in a profound way in 2017 and there’s no reason to think that this trend will change any time soon. In fact, ransomware attacks are likely to grow more severe over the next few years, and following the success of WannaCry, NotPetya and BadRabbit, expect different types of systems to be targeted by these attacks.
If you are DevOps, get CI/CD QA down. More organizations today are deploying via continuous delivery pipelines. Their software is continuously being updated, and then deployed on a rapid schedule. This means that, when it comes to the secure software development lifecycle, you have to get automated tests right, and get manual handoffs right where they are still necessary. It’s not easy, and it’s a radical change to the secure software development lifecycle. So if you haven’t done so already, invest the resources and effort to master software security in continuous delivery.
GDPR Compliance. GDPR is going to be a big focus this year as enterprises scramble to comply with the new directives:
- EU citizen personally identifiable information (PII) must be adequately protected, managed, and controlled.
- Data breaches must be reported within 72 hours.
- Non-compliant organizations are at risk of significant fines, from 4 percent of annual revenue down to €20 million.
Organizations not yet compliant (and there are many of them) are going to have to identify any data that falls under GDPR control, including personal data that EU organizations collect and manage. This also includes any international companies that operate in the EU and hold such data. They are also going to have to document how that data is secured: how it’s protected, who has access, and how that access is determined and managed. Finally, the breach response plan needs to be comprehensive, ready, and well-practiced. Further, how data is governed over time needs to be set forth and managed.
When it comes to implementing cybersecurity intentions this year, not every organization is the same, so the areas your organization needs to focus on could be vastly different. The important thing is to find your most pressing risks and your areas of weaker performance or vulnerability, and improve them as the year progresses.