Information security will remain top of mind for most executives throughout 2016. This is not surprising, considering that cybercriminals are becoming more sophisticated and collaborative. Steve Durbin, managing director of the Information Security Forum (ISF), notes, “As we move into 2016, attacks will continue to become more innovative and sophisticated. Unfortunately, while organizations are developing new security mechanisms, cybercriminals are cultivating new techniques to evade them.”
Sobering feedback for sure. However, Durbin also says that “By preparing for the unknown, organizations will have flexibility to withstand unexpected, high impact security events.”
In light of these insights, HOSTING offers five information security resolutions to keep in 2016.
Know who is using your data and for what purpose
Big data will continue to play a significant role in organizations’ operations. However, organizations need not only to understand their data, but also to have solid knowledge of how it’s being used and by whom. Data integrity will become increasingly important as cybercriminals not only steal information, but also gain the expertise to manipulate it. Companies that outsource their code creation should be particularly skeptical about the quality and security of their information.
Understand the implications of BYOD, mobility and IoT
Regardless of whether they have a formal BYOD policy in place, organizations are faced with increasingly mobile workforces. Smartphones, laptops, tablets and wearable devices are driving a surge in demand for mobile apps, leading some developers to take shortcuts in security and testing. This can lead to vulnerabilities that are readily exploited by hackers and cybercriminals.
HOSTING recommends that IT executives ensure that apps developed in-house follow the testing steps in a recognized systems development lifecycle approach. They should also recognize that mobility encompasses more than just smartphones. Executives need to have a process in place that accounts for all employee mobile devices including laptops, tablets and wearable devices.
Adopt a future-focused approach to cybersecurity
In 2016, IT leaders will face increasingly sophisticated cyber threats, hacktivism and compliance costs. As we emphasized in our recent HOSTING webinar, How to Spend Your Cloud Security Dollar, the human factor is often the weakest link in a company’s security program. Therefore, organizations should focus not only on potential external threats to their perimeter, but also consider inside threats that can pose more significant risks.
CIOs should also promote an attitude and culture of security that is prevalent throughout the organization, with full support from executive and board leadership.
Understand what information assets government agencies are able to ask for
According to Durbin, government involvement in cyberspace will cause confusion and unintended consequences for organizations that rely on it. Even organizations that aren’t implicated in any illegal activity will suffer collateral damage as authorities intensify their scrutiny of their operations, and in some cases demand access to their data.
Durbin recommends that organizations have a clear understanding of what information assets governments are able to ask for, and be open about it with their partners.
Proactively address your organization’s IT skills gap
According to HOSTING compliance manager Trent Baker, “Cybercrime is a well-oiled and organized entity on the internet today. The ‘good guys’ are outnumbered and playing catchup so I see it as being just a matter of time before they create the perfect cyber-storm.”
Not only are IT departments faced with limited resources, but their existing teams may not have the skill set needed to develop, implement and manage a strong security program. Organizations need to assess their IT resources to ensure that they are prepared to deal with emerging security challenges.
Contact HOSTING anytime for help in keeping these resolutions. Our team of certified information security systems experts helps organizations assess their security postures, and develop custom plans to proactively defend against cyber threats, attacks and hacktivism.