Standing on the verge of another New Year, it is a tremendous time to work in IT Security. For several years, most of our clients have been primarily motivated by compliance concerns to implement and document best practices for securing critical data and systems against hackers, theft, and loss.
Approaching 2016, I sense a shift in understanding and motivation that will spur businesses, retail companies, healthcare organizations, and government agencies all to take a more proactive, aggressive approach to security. While CIOs, compliance officer and IT Directors have understood the issues and potential risks they have faced the last few years, they often struggle to gain the organizational momentum from C-suite to the end user necessary to maintain the level of security they desire. This may be changing. I anticipate three critical ways IT teams may find more flexibility and support in the coming year.
Offensive Pro-Active Security
High profile, high cost data breaches we have seen in recent years have led many executives to take a more proactive, offensive posture in security. Historically, we have played but tools are available today that can finally put us on the offense. We now have tools that make predictive modeling and end-to-end security coverage within your network possible. Security as a stand-alone function or a budgetary afterthought only invites disaster. Incident avoidance is now a real strategic trend that will work in our favor in 2016.
Actionable Intrusion Detection
Large companies and organizations have struggled to implement costly, labor intensive vulnerability management and monitoring tools to detect anomalies in their systems. Even large organizations with the resources and personnel in place to maintain such complicated systems often lack the ability to respond adequately to the data the tools produce. And few small to medium sized companies are able to purchase and maintain such systems leaving the vulnerable to attacks that can siphon off massive amounts of critical data before they are even noticed.
Increasingly scalable, flexible tools are available now to help organizations of all sizes effectively monitor the integrity of their networks and to respond appropriately in the event of a cybersecurity incident or breach.
Effective Vulnerability Management and Remediation
We have learned from past data breaches that virtually all network vulnerabilities were exploited more than a year after they were first disclosed. Companies of all sizes and in virtually every industry have simply not been able to adequately respond to news of identified threats and vulnerabilities in the past. Remediation is a hurdle we have not been able to effectively clear but that is changing. There are three keys to improving a company’s ability to address remediation needs:
- Tools to improve vulnerability and threat prioritization
- The ability to scan networks and applications more frequently
- Improving communications between remediation and internal teams
Emerging and improving managed security tools and services are bringing the challenges of detection, response, and remediation under one scalable, accessible umbrella for companies of all sizes. I believe the New Year will be a turning point in our ability to identify and thwart malicious attacks and close security gaps that have put us on the defensive in the past. We are working now to gather new tools and technologies we look forward to bringing to our clients in the spring. While we will continue to see increasingly clever and aggressive tactics from hackers, 2016 may be a game changer or at least significantly level the playing field in cybersecurity.
Happy New Year!