
Introduction
In the face of increasing cyber attacks and more complex, stringent data privacy laws, IT security has become an increasingly important discussion for the boardrooms of organisations across industries.
Responsibility for IT security should lie with the CIO, but the culture of security should be adopted by the whole organisation. After all, the biggest cause of cyber security incidents is employee negligence.
Cyber security efforts continue to flail against the growing number and variations of different cyber attacks. PwC’s Global State of Information Security Survey 2018 – of 9,500 senior business and technology executives from 122 countries, including 560 UK respondents spanning large to small businesses and public sector organisations – found that more than a quarter of UK organisations (28%) don’t know how many cyber attacks they suffered in the past year, and a third (33%) admitted to not knowing how the incidents they faced occurred.
To combat and understand these threats effectively, CIOs and IT executives need to establish an effective IT security strategy that uses the right tools and technologies, while fostering a culture of security.
In this guide, readers can explore how to implement an IT security strategy, attack prevention, the threat to business, the latest information on security solutions and companies, the impact of new regulation, the government’s response to security, dealing with the cyber security skills gap and how other companies are handling the changing IT security landscape.
Section 1 – Implementing an IT security strategy
Section 2 – Culture of security
Section 3 – Types of attack and how to mitigate
Section 4 – AI in security
Section 5 – Mobile security
Section 6 – Cloud security
Section 7 – IoT security
Section 8 – Regulation’s impact on security
Section 9 – Government and security
Section 10 – Responding to the cyber security skills crisis
1. Implementing an IT security strategy
The increasing number of cyber threats, and the financial and reputational implications of a data breach, mean that organisations need to adopt the right IT security strategy for their organisation.
This section delves into what trends to look out for and how to protect your organisation, by adopting the best security strategy practices.
_______________________________________________
Feature
5 cyber security trends for 2018
The changing cyber threat landscape has corresponded with the evolution of IT, and organisations must take advantage of the new technologies available to provide better security protection. Continue reading
_______________________________________________
Feature
How to protect an organisation: Cyber security tips
Unfortunately, given the thousands of attacks directed at organisations every day, the chance of keeping out every threat is slim to none. However, there are steps organisations can take to mitigate the risk, and respond in an effective manner in the event of a breach. Continue reading
_______________________________________________
Feature
Cyber security is a ‘people problem’
Ultimately, in order to instigate an effective cyber security strategy, CIOs must foster a culture of security within the whole company. Only then will companies be the most secure they can be. Continue reading
Cyber security in the workplace is everyone’s business
Following in the same vein, it is the responsibility of everyone to make sure a company is implementing effective cyber security practices. Continue reading
_______________________________________________
Blog post
The importance of an integrated security strategy
Andrew Avanessian, the COO at Avecto, suggests that integrated security strategies with complementary solutions are more effective than multiple layers of complex protection software. Continue reading
_______________________________________________
Advice
6 critical steps for responding to a cyber attack
In the case of a successful cyber attack, which is likely, organisations and their CIOs need to have an effective response plan in place. Continue reading
Prevention, detection and response
The key to successfully navigating a cyber security breach lies in prevention, detection and response. John Bruce, CEO of Resilient, discusses these essentials here
_______________________________________________
2. Culture of security
The biggest weakness in an organisation’s armour is the employee. Due to negligence or laziness, the insider threat (whether intentional or not) represents the biggest threat to a business.
This section will cover how to foster a culture of security, and the importance of staff security training.
_______________________________________________
Feature
The importance of creating a cyber security culture
The most vulnerable companies will always be those that fail to create a culture of security. How do you create that? Find out here
_______________________________________________
Blog post
Cultivating a culture of information security
Organisations need to think about information security as a business that facilitates increased competitive advantage and improved security. Continue reading
_______________________________________________
Analysis
Insider threat: Majority of security incidents come from the extended enterprise, not hacking groups
Threats from an employee – inadvertent or malicious – make up 42% of incidents, a number that has increased from 2015 when 39% of incidents originated from inside an organisation’s network. Continue reading
_______________________________________________
Blog post
Why insider threats are the next big security challenge
There are lots of security solutions sold by vendors, but what about the threat from within? Continue reading
_______________________________________________
Feature
How to prevent the most dangerous cyber threat: Insider attacks
Employee complacency is an overlooked risk factor for organisations, particularly when it comes to ensuring that the latest software versions or updates are installed. Continue reading
_______________________________________________
Blog post
The insider threat: 5 things to do if your employee has gone rogue
Sometimes an employee will intentionally leak an organisation’s data. Here is how to respond if this happens to you
_______________________________________________
Advice
Staff training key in defending against cyber attacks
Basic training could have a huge impact on security for those employees who inadvertently leak their organisation’s data. But, have UK businesses missed an opportunity with this? Continue reading
_____________________________________
3. Types of attack and how to mitigate
CIOs and businesses should anticipate the growth of DDoS, IoT and ransomware attacks. These attacks will continue to plague businesses in their variation and frequency, along with the increased determination of hackers, as the value of data soars.
_____________________________________
Feature
Ransomware represents ‘25% of cyber attacks’ as hackers target UK
Following the global attention on WannaCry and NotPetya last year, ransomware is now the most likely threat to UK businesses, unsparing in the industries it targets. Continue reading
_____________________________________
Advice
Migrating data to prevent ransomware attacks
By creating gaps between back-ups – with data being stored offline and disconnected from any other data source – it becomes possible to protect critical data, and restore it without much downtime. Continue reading
_____________________________________
Feature
What can be expected from DDoS attacks in 2018?
The number of DDoS attacks almost doubled in the second half of 2017, with many companies experiencing an average of 8 attacks per day. The problem is exacerbated by the reality that DDoS attacks have become far more complex and deceptive in recent years. They are no longer simply designed to deny service, but to deny security, by acting as a camouflage to mask other malicious activities. Continue reading
_____________________________________
Advice
How organisations can eliminate the DDoS attack ‘blind spot’
Critical to any realistic DDoS defence strategy is proper visualisation and analytics into these increasing security events. Continue reading
_____________________________________
Advice
Top female CIO on IoT implementation and security
IoT cyber security attacks are still flying under the radar, but ForeScout’s CIO – Julie Cullivan – looks to tackle the problem head on. Read on to see her IoT security strategy
_____________________________________
4. AI in security
Security solutions come with a range of technologies, but artificial intelligence is one that will help change the game for CIOs in protecting their business. AI solutions are in their relative infancy. However, as cybercriminals increasingly use automation-led hacking techniques, businesses will need to respond in kind. There are a number of these solutions on the market, and their pedigree will improve significantly over the next couple of years.
Cybel Angel - prevention and real-time detection of cyber incidents
Cylance - cybersecurity that predicts, prevents and protects from threats
Darktrace - spots patterns and prevents cyber crimes before they occur
Deep Instinct - zero-day attack protection for endpoints and mobile
Delphi - security against malware and malicious internet activity
Demisto - combines security orchestration and incident management
Drawbridge Networks - security-as-a-service
Emergent - helps predict where hackers will attack
Graphistry - helps teams investigate cyber threats quickly and easily
LeapYear - extracts threat insights from sensitive data
Pelican - a more intelligent and secure payment, compliance and banking
SentinelOne - predicts, prevents, detects and responds to threats
Shift Technology - helps reduce insurance fraud
SignalSense - evaluates traffic for threats occurring inside your network
Sift Science - helps prevent fraud and abuse for your web-scale business
SparkCognition - helps businesses predict a data breach
Versive - automates threat hunting supporting cybersecurity teams
Zimperium - real-time threat protection for mobile and apps
AI’s promise in this space is the ability to consistently detect new and unknown threats – known as zero-day exploits – in the absence of traditional indicators of compromise, such as known pieces of malware.
_______________________________________________
Feature
The role of AI in cyber security
As mentioned, the integration of artificial intelligence into cyber security strategies can help reduce the risk of a successful attack breaching an organisation, while also helping detect threats that have entered the system. Continue reading
_______________________________________________
Feature
AI’s role in cyber insurance
As cyber attacks become more common – you only have to look back to WannaCry, Petya and the Equifax data breach – more businesses will take out cyber insurance policies. These third parties can leverage AI to elevate their own defences against attacks. Continue reading
_______________________________________________
Industry case study
How can banks fight cybercrime?
The financial services industry is not admitting the full scale of cyber attacks. But experts believe the implementation of emerging technologies, like AI, can greatly minimise the risk of human error in banking security by automating processes. Continue reading
_______________________________________________
Feature
The success of artificial intelligence depends on data
Like most technologies, successful implementation depends on the quality of data available to make the right decisions.
_______________________________________________
Advice
Using AI intelligently in cyber security
However, as with implementing any new technology, CIOs must use the technology in a scalable and appropriate way. Done the wrong way, this could leave organisations more exposed to cyber attacks. Continue reading
_______________________________________________
5. Mobile security
As workforces become more mobile, the impetus on defending the increased use of personal devices outside the relative safety of the office environment becomes paramount. The importance of these mobile devices, which everyone uses in both professional and personal spheres, can’t be an afterthought and must be a priority for a CIO looking to protect their organisation.
Crucially, CIOs need to understand how to encrypt mobile devices for an entire workforce, when the number of cyber attacks against them is increasing dramatically.
_______________________________________________
Feature
The impact of the mobile security in the enterprise
As the number of mobile devices continues to grow, the ability to secure them becomes increasingly difficult. How can CIOs and security executives ensure the productivity and flexibility gained by the mobile era, without hindering security? Continue reading
_______________________________________________
Advice
Common security vulnerabilities of mobile devices
To deal with the mobile threat, CIOs need to understand what the vulnerabilities of mobile devices are. Here, we look at what these are
_______________________________________________
Advice
Top tips for securing your mobile devices ahead of GDPR
As the GDPR deadline approaches (25 May 2018), the ability to defend an organisation’s data must be one of, if not the top priority for CIOs and their boards (see section 8).
Here, we identify mobile devices as the potential weak link that will leave organisations vulnerable to cyber attacks, and how to secure them.
_______________________________________________
6. Cloud security
Every business has now seen the merit of the cloud. First it was private, which was too costly, then public, which was too insecure and now many understand the need for a hybrid cloud strategy, across multiple vendors, to meet the modern challenges of digital transformation.
But, as more organisations adopt a hybrid cloud, multi-cloud or cloud computing strategy, how can they secure them and is it a priority? What solutions from cloud security providers are out there?
Feature
What are the threats that arise from adopting a cloud strategy?
Companies that adopt cloud solutions can release products quicker and achieve economies of scale at a faster rate than companies with traditional IT environments.
However, the shared nature of cloud also means that there is an increase in the number of threats organisations could face. Continue reading
What everyone should know about cyber security in the cloud
The use of cloud is now a necessity, so security decision makers need to, first and foremost, understand cyber security in the cloud. Continue reading
_______________________________________________
Feature
What to do when it comes to cloud security
Every business is an individual and has different security needs. However, there are widespread inconsistencies when it comes to their enterprise cloud security strategy. Continue reading to find out how to implement a unified solution
_______________________________________________
Feature
Benefits of cloud computing security tools for data storage
Companies adopting cloud computing can benefit from the array of security features and tools that are built in by service providers. Continue reading
_______________________________________________
Industry case study
Top cloud security risks for healthcare
The healthcare industry stores more sensitive and personal data than perhaps any other sector, and increasingly these organisations store this data in the cloud. How can they ensure this is protected? Read on
_______________________________________________
7. IoT security
More than half of the 45 billion IoT devices expected to be in use by 2023 will be implemented across businesses, cities and homes.
IoT will play, arguably, the most significant role in shaping the future of innovation through mass data collection helping power smart cities and facilitate business transformation. However, this successful transformation is dependent on dynamic security.
Over the last two years, failings in IoT security have caused widespread damage with DDoS attacks and the infamous Mirai botnet. As businesses and governments move forward, and rely more heavily on the Internet of Things, protecting it will become the great security challenge. Organisations will need to rethink their approach to data security and make heavy investments to meet IoT security requirements.
As a result, there are a number of IoT security solutions companies available for the enterprise:
_______________________________________________
Feature
The Internet of Things: The security crisis of 2018?
As the use of IoT devices becomes more prevalent, it represents the greatest possibility of a security crisis across industries, with manufacturing particularly at risk as an early adopter of the technology. Continue reading
_______________________________________________
Video
Securing the Internet of Things
Ofer Amitai, the co-founder and CEO of Portnox, discusses securing the Internet of Things in the BYOD era with Information Age:
_______________________________________________
Blog post
Securing networks in the IoT revolution
The issue facing IT professionals and CIOs is not only the number of unregulated IoT devices entering the workplace, but also the nature of the devices themselves – security needs to be improved in the design process. Continue reading
_______________________________________________
Feature
UK Government sets cyber security guidelines for millions of IoT devices
The government is demanding new measures for manufacturers to boost cyber security in millions of internet connected devices. They need to be built with security in mind. Continue reading
_______________________________________________
Advice
A complete guide to making life difficult for hardware hackers
Security needs to be considered throughout the design process of both software and hardware concerning IoT. With this in mind, more well-designed products will come to market, which protect both the vendors and their customers. Continue reading
_______________________________________________
Advice
4 modern challenges for the Internet of Things
What challenges can CIOs expect from securing the IoT? – IoT hardware design, low-power long-range communication, artificial intelligence integrated IoT and secure IoT. Continue reading
_______________________________________________
8. Regulation’s effect on security
The regulatory landscape is becoming more and more complex. Arguably the biggest new set of data protection laws is the impending General Data Protection Regulation, coming into force on 25 May 2018. This law is reasonable at its core – a response to the growing importance of data – but it is more stringent, and organisations that fail to comply by having ineffective security strategies will face huge fines, and potentially irreversible reputational, customer and investor damage.
The importance of implementing an effective IT security strategy, instigated by the CIO, has never been more vital for businesses wanting to remain successful.
_______________________________________________
Feature
Global organisations are failing to invest in much-needed security ahead of GDPR
In order to comply with GDPR, organisations must invest in the right technologies to achieve an effective security strategy, but are they doing this? A lack of sufficient IT security protection and a lack of efficient data security are the biggest challenges to compliance efforts. Continue reading
_______________________________________________
Blog post
GDPR – Are your tech platforms secured for first contact?
How can businesses ensure their websites are secure from data leaks ahead of the General Data Protection Regulation? Read on
_______________________________________________
Blog post
Could the cyber threat landscape grow under GDPR?
Taking advantage of the more strict data protection law, hackers might attack organisations with more ferocity, using the regulation as leverage. Continue reading
_______________________________________________
9. Government and security
The inception of the UK’s National Cyber Security Centre showed that the government is entirely serious about defending against the growing threats posed by cyber attacks, and recognises the dangers this landscape poses to critical infrastructure, people and businesses. The US government, as well, recognises the growing dangers of cyber attacks, and has released a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities.
To build a successful 21st century economy and society, the UK government needs a strong focus on cyber security, and has demonstrated its commitment to this.
_______________________________________________
Feature
When it comes to cyber security businesses must follow government’s lead
The UK government is taking clear action on cyber security, demonstrating its intention to lead in this area. Crucially, they have appointed named figures at the highest levels of government with accountability for cyber security – and businesses should follow suit. Read on
_______________________________________________
Feature
Will investment in the UK’s cyber defence system make a difference?
Real progress will only be made if the organisations themselves start to prioritise cyber security and collaborate with the public sector. Continue reading
_______________________________________________
Feature
Government response to tech skills gap: Cyber security and coding
In the face of increasing threats, a report from CWJobs found that only half of employers look for cyber security skills when recruiting new tech talent. More worryingly, perhaps, nearly a third of tech employees said they felt they were insufficiently trained in coding, cyber security and cloud migration. Read on to see how the government aims to tackle this and address the security skills crisis
_______________________________________________
10. Responding to the cyber security skills crisis
Critical to any successful IT security strategy is a capable workforce, but this is a challenge. How can businesses negotiate the cyber threat landscape amid a cyber security skills crisis?
One way of addressing the skills crisis focuses on improving levels of diversity within the technology industry, taking advantage of the whole population and not just 50%. Getting more women in the tech space is crucial in addressing this skills gap. According to a report by ISC, the information security field will experience a 1.5 million deficit in professionals by 2020. Yet women, who could help to fill that gap, remain massively underrepresented – comprising just 10% of the global workforce. This can be improved, in part, by breaking down stereotypes, making STEM subjects more attractive and by highlighting female role models.
Collaboration between industry and government is also important in addressing the skills crisis, while providing an easier route in the cyber security space.
_______________________________________________
Feature
A guide to overcoming the skills crisis in the cyber security industry
Here is a detailed guide of how CIOs can respond to the skills crisis, and create a workforce capable of carrying out an effective cyber security strategy. Read on to find out how
_______________________________________________
Advice
Will blockchain solve the cyber security skills crisis?
For nearly six years, cyber security markets have struggled with near 0% unemployment leaving hundreds of thousands of positions vacant. According to Frost & Sullivan, by 2020 the number of empty security positions could grow to 1.8 million. These stats contrast against the increasing number and severity of high profile hacks. Today’s $8.5 billion/year antivirus market is broken, with 70% of threats going undetected and cybercrime damages expected to double by 2021 and reach $6 trillion.
Mark Tonessen, former McAfee Antivirus CIO, believes blockchain could be the answer to the perpetual shortage of security talent. Cryptocurrency could be used to gamify bug bounty markets for white hackers. Continue reading
_______________________________________________
Blog post
Restoring consumer trust with security
Major attacks like WannaCry and NotPetya are causing consumers to lose faith in the brands and services they use. And security is increasingly becoming a valuable competitive differentiator for businesses in all sectors. Continue reading