Porn gets Pwned. For Hackers, XXX means Exploit, Extort and Expose.

Modern cybersecurity is deafening. Each week, corporate security teams face 7 million new malware variants, 17,000 alerts, and a constant drumbeat of marketing hype and media hysteria over the latest and greatest threats. No surprise ears are ringing.

Traditional security meets this challenge tactically: encouraging firms to buy the newest appliances and recruit more people to manage them. This approach not only creates more security ‘noise’, it also does nothing to address today’s bigger cyber trends. As we speak, the dynamic threat landscape, digital transformation and regulatory upheaval are all changing the nature of security in the 21st Century.

Today, everyone’s a target for hackers. No matter your industry, business size or location, cybercriminals will look for ways to exploit your weaknesses for financial gain. That’s why the size and frequency of breaches are growing in line with an expanding threat landscape ranging from APTs and insiders to ransomware and phishing.

Meanwhile, rapid digital transformation is changing entire industries. From employees that expect to work in new ways, to customers demanding new capabilities, change is upon us – whether we like it or not. Security must be able to flex and adapt to help firms harness digital opportunities, while minimising the risks.

Finally, the EU’s General Data Protection Regulation (GDPR) will come into force from May 2018, heralding one of the biggest ever shake-ups to IT security. While the financial impact of GDPR is eye-watering and jaw-dropping, the regulation also brings enormous reputational risks, making it essential for every organisation to build in appropriate security that ensures privacy by design.

In the face of this maelstrom, the key to stronger security is to ignore the hype, kill the noise and focus on tangible challenges. There are four crucial areas to consider:

Visibility

The first step in security is understanding your own environment. By proactively assessing your vulnerabilities and footprinting your Internet-facing attack surface, you can identify, prioritise and resolve security weaknesses before cybercriminals can find and exploit them. Bring in ethical hackers to test your security regularly, with continuous vulnerability scanning that ensures you stay on top of known, relevant exploits.

User behaviour

Almost all of the major recent compromises exploited what’s often the weakest link in a business’s defences: its people. Don’t blame them, train them! By educating employees on the risks from phishing and social engineering, as well as the importance of strong passwords and robust user authentication, you can strengthen your defences at a minimal cost and with no disruption to business-as-usual.

Transformation

Combine insights into your organisation’s long-term business goals and its current security posture to plan defences that can keep pace with rapid digital transformation. Application security is a critical part of this puzzle, so make sure your approach fully protects both the in-house and cloud-based software on which your business depends.

Secure connectivity

Network and endpoint security should remain a high priority for your business, but don’t focus on securing the perimeter. Instead, develop security that can identify and respond to attackers even once they’re inside your network. This means going further than device-led protection; you need layered and coordinated next-generation security capabilities, like intelligence-led detection, that can head off hackers in real time.

By focusing on these four areas, your business can build the foundations for a complete approach to security. The goal is to understand risk across the entire attack continuum so you can take informed actions as needed – whether you’re assessing risks, detecting threats, protecting assets or responding to attacks.

Does today’s deafening deluge of device data, security alerts, threat feeds and marketing hype have your security teams dazed and disorientated? Register for one of our events that focus only on the threats that really matter.

 


 

Etienne Greeff is one of the early pioneers of the information security industry and has spent over 20 years promoting the innovative use of technology and services to solve complex customer issues.

As CEO of SecureData, Etienne advocates an end-to-end approach to security that assesses risks, proactively detects issues, protects critical assets and responds rapidly to threats. Prior to SecureData, Etienne founded, grew and successfully exited several other information security businesses.