[BreachExchange] Rising Security Priorities: 5 Security Trends To Watch

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 5 20:31:18 EDT 2016


http://www.bsminfo.com/doc/rising-security-priorities-security-trends-to-watch-0001

Over the past eight years major IT industry shifts have demanded attention
and budget. Hot topics that have dominated the IT conversation have
included unstructured data governance, network monitoring, threat
detection, virtualization, new cost-effective approaches to infrastructure
management, and backup and disaster recovery solutions that help restore
sensitive information in case of data loss or theft. These topics have
changed the way IT manages and protects their environment, but even more
where they place their resources and time.

Now, a new set of IT priorities are emerging with issues around security
rising quickly to the top. These trends, with security at their core, will
shape budgets, change priorities, and influence resource allocation in the
years to come. Solutions providers in this security-sensitive time need to
consider the following five industry trends. They are likely to dominate IT
conversations into next year and beyond.

1. Account hijacking spreads panic. Even advanced protection is not a
panacea against sophisticated cyber-attacks. Instead of contriving new ways
to compromise an organization’s security mechanisms, hackers simply target
administrator credentials. Hidden threats posed by insider misuse make
enterprise-level visibility into activities of privileged users more
important than ever. This helps discover threats across all levels of IT
environment and mitigate data-related risks.

2. The cloud offers identity management. Cloud providers continue to
upgrade their technology, focusing not only on cost-effectiveness and
scalability, but heavily investing in security services. Offering more
flexible access management models, providers help their customers establish
more advanced security controls than companies can normally provide
on-site. This makes cloud options more attractive to midsized businesses
and, partially, large enterprises more likely to deploy hybrid cloud models
while storing some of their data on-premises.

3. Security as an important part of MSP. Entrusting data and services to
MSPs could be challenging and may increase security risks and compliance
violations. When selecting a managed service provider, businesses need to
verify the chosen provider can create infrastructure that is highly secure
by default, ensure continuous compliance, and provide a viable disaster
recovery plan.

4. Virtual environment needs security too. The adoption speed of virtual
environments is impressive. About two-thirds of organizations worldwide
already use virtualization, and a significant number have plans to join
them next year. The rapid spread of the technology, its growing importance
for businesses, and increased security threats pose the question of
advanced protection. Companies still underestimate the importance of
virtual environment security, but the trend has started to change as more
organizations are planning to invest in virtualization security in the
nearest future.

5. “Wetware” is the weakest link in cyber security chain. The human factor
remains the prominent threat in terms of IT security. No matter how strong
companies’ internal controls are, even employees’ slightest mistakes can
cause serious data breaches. Experts agree one of a few truly effective
strategies for overcoming potential threats is building a risk-aware
culture across all levels of the organization. It is extremely important to
convince employees that IT security is everybody’s job, not an external
burden on IT departments.

Security will remain one of the most high priority topics in the coming
year. Specifically, enhanced visibility into cloud and virtual
environments, advanced protection of privileged accounts, and protection
from the human factor, possibly the worst pain point of any company, will
rise to the top of the IT conversation. As these issues affect internal
workflows, enterprise organizations and their partners will be forced to
look for additional security mechanisms to help eliminate the threats and
risks that may impact business productivity or continuity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160505/866e77f6/attachment.html>


More information about the BreachExchange mailing list