Security 2020: What Direction is Cyberspace Heading?

Monday, June 15, 2015

Dan Lohrmann

1fec6881fe864bc30369edb548ea22b1

No longer does a week go by without some high-profile data security breach hitting the global, regional or country-specific news headlines. By almost any measure, cyber danger doubled last year and hackers are now breaking into enterprise systems, stealing sensitive data and causing business disruption at an unprecedented pace.

In the Michigan State Government alone in 2014, there were approximately 730,000 attempted cyberattacks each day.  You heard that right, each day! And Michigan is just one of the thousands of government organizations and businesses that experience serious cyberattacks around the world.

What’s Keeping YOU Up at Night?

So how can governments, corporations and individual respond? Every organization must have an effective plan to identify, protect, detect, respond and recover from cyberattacks.

Here are a few strategies that can help in five areas that are keeping Chief Information Security Officers (CISOs) up at night.

First, cloud computing data must be encrypted at rest and in transit. Security leaders need to find the right balance between blind trust and control with cloud companies as they address data ownership, security, legal issues, hosting locations and service level agreements. Enterprises need to survey networks and learn where data is truly going. Secure solution such as FEDRAMP in the USA and G-Cloud in the UK can offer secure alternative configurations.

Second, we must ensure that security is built into non-traditional computing environments such as our critical infrastructure with embedded technology. Governments should work with the private sector to develop cyber disruption strategies to respond to cyberattacks against these critical systems that we rely on and prepare for events such as power outages.

Third, every employee is vital in this online battle, so we must change online habits to be aware of ever-emerging cyber threats. We need to train employees not to click on phishing scams and to be watchful against online fraud and social engineering attacks. 

Fourth, more mobile applications are running our business applications. We need to enforce device policies with mobile device management programs, lock devices automatically, have the ability to remotely wipe data and encrypt sensitive data on mobile devices.

Fifth, when it comes to malware and zero-day threats, we must be able to answer questions like: Do you know what systems you have, their level of compliance, and patch status? How do you respond to cyber incidents? What data is at risk during an incident? Do you have staff who can do forensics and identify the scope of the problem? Who do your customers call and how do you communicate with teams, employees, and media?

How Can We Prepare?

As we look into the next five years and ask how we can prepare for 2020, there are core skills that technology and security leaders must develop to be effective.

First, we must recognize that cyber programs will fail if they stand alone. Build partnerships that bring together the private and public sectors as well as law enforcement and more to help you identify, protect, detect, respond and recover from cyberattacks. 

Second, we must learn from history if we are to address the challenges of the future. From Wifi to the cloud to mobile computing to the Internet of Things, the same patterns often develop. How can we ensure that security is built into products from the start?

Finally, we cannot “just say no” to new innovation and technological advances, but offer alternative solutions that meet the right risk profile for the business.

The future of cyberspace is bright, and cybersecurity needs to be at the center of your innovation strategy.

Dan Lohrmann is Chief Strategist and CSO of Security Mentor, and former CSO of the state of Michigan.

 

10840
Budgets Enterprise Security Policy Security Awareness Security Training
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.