[BreachExchange] What Are Your 2018 Cybersecurity Intentions?

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 12 13:58:10 EST 2018


With another year of too many high profile, and quite frankly avoidable,
data breaches under our belts, it’s time to take a look forward and
identify areas where you may be able to improve your security program and
hopefully become more efficient and reduce risk more effectively.

The list below is based on my late year 2017 conversations with numerous
CISOs and where they see making the biggest investments and effort in the
year ahead will help them improve the most. Perhaps you’ll find the most
recurring themes from these conversations useful, too.

Getting betting at the basics. There’s a reason why athletes, or those
proficient in anything, make certain to keep themselves sharp with the
basics. It’s because the basics, while the essentials, aren’t always
necessarily easy to do at high performance day after day. The same is true
for security organizations. Getting identity management, vulnerability
management, good software development hygiene in place in continuous
development pipelines, configuration management, and cloud security, and
more. Now is a good time, to take a had look at how well your organization
focuses on the basics, and improve were improvement can be made.

Automate. As we’ve covered in Automation Is Key, as enterprises move from
their legacy data centers to hybrid cloud, and embrace containerization and
microservices, it is fundamentally changing the way they must secure their
environments. The increase speed, agility, and complexity of cloud
absolutely demands that automation is increased as possible and where

Learn what AI means to your organization. The year 2018 will be the year
many organizations grapple with how they’ll manage AI in their
cybersecurity efforts. The CISOs I interviewed expect machine learning in
the next year to be an absolute necessity to keeping up with threats and
incident response, but it’s expected to be a matter of the algorithms
augmenting the human analyst and not replacing them. Mastering these new
toolsets will be (or should be) a priority. But as Luana Pascu wrote in
Limitations of Machine Learning algorithms in malware detection isn’t a
silver bullet as much as a new tool at our disposal.

Get better at defending ransomware and extortion attacks. Ransomware grew
in a profound way in 2017 and there’s no reason to think that this is a
trend that will change any time soon. In fact, ransomware attacks are
likely to grow more severe over the next few years, and following the
success of WannaCry, NotPetya and BadRabbit expect different types of
systems to be targeted by these attacks.

If You are DevOps, get CI/CD QA Down.

More organizations today are deploying via continuous delivery pipelines.
Their software is continuously being updated, and then deployed on a rapid
schedule. This means when it comes to secure software development
lifecycle, getting automated tests and manual handoffs when necessary
right. It’s not easy, and it’s a radical change to the secure software
development lifecycle. So if not done so already, invest the resources and
effort to master software security in continuous delivery.

GDPR Compliance. GDPR is going to be a big focus this year as enterprises
scramble to comply with the new directives:

- EU citizen personally identifiable information (PII) must be adequately
protected, managed, and controlled.
- Data breaches must be reported within 72 hours.
- Non-compliant organizations are at risk to significant fines, from 4
percent of annual revenue down to €20 million.

Organizations not yet compliant (and there are many of them) are going to
have to identify any data that falls under GDPR control, including personal
data that EU organizations collect and manage. This also includes any
international companies that operate in the EU and hold such data. There
also going to have to document how those data are secured: how it’s
protected, who has access and how that access is determined and managed.
Finally, a The breach response plan needs to be comprehensive, ready, and
well-practiced. Further, how data is governed over time needs to be set
forth and managed.

When it comes to implementing cybersecurity intentions this year, not every
organization is the same, so the areas your organization may need to focus
on could be vastly different. The important thing is to find the most
pressing risks and your areas of weaker performance or vulnerabilities and
improve them as the year progresses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180112/e9585ffb/attachment.html>

More information about the BreachExchange mailing list