CISO Priorities for 2019
IT security in 2019 is no longer going to be just about protecting sensitive data and keeping hackers out of our systems. In 2018, ransomware attacks skyrocketed by 350%, spoofing attacks increased by 250% and spear-phishing attacks increased by 70% in companies worldwide. If your organization’s cybersecurity is not up to the mark, it could be the next target of a cybercrime. Even if you manage to protect yourself from these attacks, you still need to ensure that there are no breaches from within your organization, whether caused by a disgruntled employee or by a simple mistake.
For a CISO, this translates to a set of priorities, such as maintaining your customers’ trust, managing employee morale and keeping the organization’s name out of negative headlines. To accomplish those big priorities, here are four essential areas where CISOs are likely to spend most of their time, energy and money in 2019.
Protect Critical Assets
CISOs are responsible for safeguarding critical business assets. Up until 2018, this was done with a bottom-up approach, from IT and security infrastructure up to business processes, rather than a top-down approach. This perspective has expanded their view of risk and mandates that security controls work collectively to protect all the technologies used to accomplish business processes. This is one of the profound changes that challenges even the best CISOs and security organizations.
Gain Threat Visibility Across All Platforms
In order to fix something, you should be able to monitor it. It is crucial to monitor platforms like the cloud, mobile, and on-premise assets, and to have instant access to them, so that incidents can be correlated and suspicious activity that could threaten the organization is spotted. Data is now widely spread across applications, cloud services and even unauthorized outside services. This impacts the visibility of the CISO. Only 16% of CISOs are able to respond to 75% of these signs and successfully interpret them.
To address these problems, visibility across platforms is essential for the security team.
Build A Security Culture
Security is a crucial part of a company’s culture, without which the company could be vulnerable to cyber threats. This is particularly true for providers of cloud services, software, and hardware, like Oracle and IBM. Sensitive data is moving to the cloud and being accessed by mobile users across public networks. In this scenario, security perimeters must focus on specific control points like identity and data security. CISOs should be aware of where sensitive data is stored, who can access it, and how well it is protected.
Managing Risks Within the Firewall
Employees and contractors can represent a threat, whether intentionally or unintentionally. One example is a disgruntled employee who wants to steal and release data without authorization. Another is an inadequately trained employee who clicks on a phishing link and gives away a key password, or installs malware that gives a hacker remote access. In any of these scenarios, the attack is not launched through the perimeter, but from within the network.
CISOs need to assess whether confidential data should be encrypted. They also need to review software-as-a-service, cloud storage, and other vendors for their encryption capabilities and practices to ensure that customer information is fully protected.
In 2019, CISOs have too much to cope with, as they ensure data security while helping the business grow. It’s a tough job and can often be thankless. By focusing on these priorities, CISOs can do their part to keep the organization on the right path by reducing cyber risks and increasing ROI from the tools and technologies that they have invested in to do the job.