Introduction
In the face of increasing cyber attacks and more complex, stringent data privacy laws, IT security has become an increasingly important discussion for the boardrooms of organisations across industries.
The IT security responsibility should lie with the CIO, CTO or the emerging role of the CISO, but the culture of security should be adopted by a whole organisation. After all, the biggest cause of cyber security incidents results from employee negligence.
Cyber security efforts continue to flail against the growing number and variations of different cyber attacks. PwC’s Global State of Information Security Survey 2018 — of 9,500 senior business and technology executives from 122 countries, including 560 UK respondents spanning large to small businesses and public sector organisations — found that more than a quarter of UK organisations (28%) don’t know how many cyber attacks they suffered in the past year, and a third (33%) admitted to not knowing how the incidents they faced occurred.
To combat and understand these threats effectively, CIOs and IT executives need to establish an effective IT security strategy that uses the right tools and technologies, while fostering a culture of security.
In this guide, readers can explore how to implement an IT security strategy; attack prevention, the threat to business, the latest information on security solutions and companies, the impact of new regulation, the government’s response to security, dealing with the cyber security skills gap and how other companies are handling the changing IT security landscape.
Section 1 – Implementing an IT security strategy
Section 2 – Culture of security
Section 3 – Types of attack and how to mitigate
Section 4 – AI in security
Section 5 – Mobile security
Section 6 – Cloud security
Section 7 – IoT security
Section 8 – Regulation’s impact on security
Section 9 – Government and security
Section 10 – Responding to the cyber security skills crisis
_______________________________________________
1. Implementing an IT security strategy
The increasing number of cyber threats, and the financial and reputational implications of a data breach means that organisations need to adopt the right IT security strategy for their organisation.
This section delves into what trends to look out for and how to protect your organisation, by adopting the best security strategy practices.
_______________________________________________
Feature
The changing cyber threat landscape has corresponded with the evolution of IT, and organisations must take advantage of the new technologies available to provide better security protection.
_______________________________________________
Feature
How to protect an organisation: Cyber security tips
Unfortunately, given the thousands of attacks directed at organisations everyday, the chance of keeping out every threat is slim to none. However, there are steps organisations can take to mitigate the risk, and respond in effective manner in the event of a breach.
https://www.youtube.com/watch?v=okhWkidKGs4
_______________________________________________
Feature
Cyber security is a ‘people problem’
Ultimately, in order to instigate an effective cyber security strategy, CIOs must foster a culture of security within the whole company. Only then will companies be the most secure they can be.
Cyber security in the workplace is everyone’s business
Following in the same vein, it is the responsibility of everyone to make sure a company is implementing effective cyber security practices.
_______________________________________________
Blog post
The importance of an integrated security strategy
Andrew Avanessian, the COO at AppLearn, suggests that integrated security strategies with complementary solutions are more effective than multiple layers of complex protection software.
_______________________________________________
Advice
6 critical steps for responding to a cyber attack
In the case of a successful cyber attack, which is likely, organisations and their CIOs need to have an effective response plan in place.
Prevention, detection and response
The key to successfully navigating a cyber security breach, lies in prevention, detection and response. John Bruce, CEO of Resilient, an IBM company, discusses these essentials here.
_______________________________________________
2. Culture of security
The biggest weakness in an organisation’s armour is the employee. Due to negligence or laziness, the insider threat (whether intentional or not) represents the biggest threat to a business.
This section will cover how to foster a culture of security, and the importance of staff security training.
_______________________________________________
Feature
The importance of creating a cyber security culture
The most vulnerable companies will always be those that fail to create a culture of security. How do you create that? Find out here.
_______________________________________________
Blog post
Cultivating a culture of information security
Organisations need to think about information security as a business that facilitates increased competitive advantage and improved security.
_______________________________________________
Analysis
Insider threat: Majority of security incidents come from the extended enterprise, not hacking groups
Threats from an employee — inadvertent or malicious — make up 42% of incidents, a number that has increased from 2015 when 39% of incidents originated from inside an organisation’s network.
_______________________________________________
Blog post
Why insider threats are the next big security challenge
There are lots of security solutions sold by vendors, but what about the threat from within?
_______________________________________________
Feature
How to prevent the most dangerous cyber threat: Insider attacks
Employee complacency is an overlooked risk factor for organisations, particularly when it comes to ensuring that the latest software versions or updates are installed.
_______________________________________________
Blog post
The insider threat: 5 things to do if your employee has gone rogue
Sometimes an employee will intentionally leak an organisation’s data. Here is how to respond if this happens to you.
_______________________________________________
Advice
Staff training key in defending against cyber attacks
Basic training could have a huge impact on security for those employees who inadvertently leak their organisation’s data. But, have UK businesses missed an opportunity with this?
_____________________________________
3. Types of attack and how to mitigate
CIOs and businesses should anticipate the growth of DDoS, IoT and ransomware attacks. These attacks will continue to plague businesses in their variation and frequency, along with the increased determination of hackers, as the value of data soars.
_____________________________________
Feature
Ransomware represents ‘25% of cyber attacks’ as hackers target UK
Following the global attention of WannaCry and Not/Petya in 2017, ransomware is now the most likely threat to UK businesses, unsparring in what industry it targets.
_____________________________________
Advice
Migrating data to prevent ransomware attacks
By creating gaps between back-ups — with data being stored offline and disconnected from any other data source — it becomes possible to protect critical data and restore it without much downtime.
_____________________________________
Feature
The DDoS attack landscape in Europe — declining?
DDoS attacks declined in Q1 2019, but cyber attack volumes were up by 73% year-on-year, according to Link11.
_____________________________________
Advice
How organisations can eliminate the DDoS attack ‘blind spot’
Critical to any realistic DDoS defence strategy is proper visualisation and analytics into these increasing security events.
_____________________________________
Advice
Top female CIO on IoT implementation and security
IoT cyber security attacks are still flying under the radar, but ForeScout‘s CIO — Julie Cullivan — looks to tackle the problem head on. This article covers her IoT security strategy.
_____________________________________
4. AI in security
Security solutions come with a range of technologies, but artificial intelligence is one that will help change the game for CIOs and CTOs in protecting their business. AI solutions are still in their relative infancy, but as cybercriminals increasingly use automation-led hacking techniques, businesses will need to respond in kind.
There are a number of these solutions on the market, and their pedigree will improve significantly over the next couple of years:
Cybel Angel — prevention and real-time detection cyber incidents
Cylance — cybersecurity that predicts, prevents and protects from threats
Darktrace — spots patterns and prevent cyber crimes before they occur
Deep Instinct — zero day attacked protection for endpoints and mobile
Delphi — security against malware and malicious internet activity
Demisto — combines security orchestration and incident management
Drawbridge Networks — security-as-a-service
Emergent — helps predict where hackers will attack
Graphistry — helps teams investigate cyber threats quickly and easily
LeapYear — extracts threat insights from sensitive data
Pelican — a more intelligent and secure payment, compliance and banking
SentinelOne — predicts, prevents, detects and responds to threats
Shift Technology — helps reduce insurance fraud
SignalSense — evaluates traffic for threats occurring inside your network
Sift Science — helps prevent fraud and abuse for your web-scale business
SparkCognition — helps businesses predict a data breach
Versive — automates threat hunting supporting cybersecurity teams
Zimperium — real-time threat protection mobile and apps
AI’s promise in this space is the ability to consistently detect new and unknown threats — known as a zero-day exploit — in the absence of traditional indicators of compromise — such as a known pieces of malware.
_______________________________________________
Feature
The role of AI in cyber security
As mentioned, the integration of artificial intelligence into cyber security strategies can help reduce the risk of a successful attack breaching an organisation, while also helping detect threats that have entered the system.
_______________________________________________
Feature
As cyber attacks become more common — you only have to look back to the WannaCry, Petya and Equifax data breach — more businesses will take out your cyber insurance policies. These third parties can leverage AI to elevate their own defences against attacks.
_______________________________________________
Industry case study
How can banks fight cybercrime?
The financial services industry is not admitting the full scale of cyber attacks. But experts believe the implementation of emerging technologies, like AI, can greatly minimise the risk of human error in banking security by automating processes.
_______________________________________________
Feature
The success of artificial intelligence depends on data
Like most technologies, successful implementation of AI depends on the quality of data available to make the right decisions. As well, many organisations continue to fail to effectively apply AI to solve specific business cases. Businesses and buyers must carefully evaluate those organisations touting their AI capabilities, keeping a keen eye to ensuring the technology leverages the right data and capabilities to be truly effective.
_______________________________________________
Advice
Using AI intelligently in cyber security
However, as with implementing any new technology, CIOs and CTOs must use the technology in a scalable and appropriate way. Done the wrong way, this could leave organisations more exposed to cyber attacks.
_______________________________________________
5. Mobile security
As workforces become more mobile, the impetus on defending the increased use of personal devices outside the relative safety of the office environment becomes paramount. The importance of these mobile devices, which everyone uses in both professional and personal spheres, can’t be an afterthought and must be a priority for a CIO or CTO looking to protect their organisation.
Crucially, CIOs and CTOs need to understand how to encrypt mobile devices for an entire workforce, when the number of cyber attacks against them is increasing dramatically.
_______________________________________________
Feature
The impact of the mobile security in the enterprise
As the number of mobile devices continues to grow, the ability to secure them becomes increasingly difficult. How can CIOs and security executives ensure the productivity and flexibility gained by the mobile era, without hindering security?
_______________________________________________
Advice
Common security vulnerabilities of mobile devices
To deal with the mobile threat, CIOs and CTOs need to understand what the vulnerabilities of mobile devices are. In this article, we look at what these are.
_______________________________________________
Advice
How to secure, manage and monitor edge devices
As edge devices grow and expand in type, it’s business critical to be able to secure, manage and monitor them.
_______________________________________________
6. Cloud security
Every business has now seen the merit of the cloud. First it was private, which was too costly, then public, which was too insecure and now many understand the need for a hybrid cloud strategy, across multiple vendors, to meet the modern challenges of digital transformation.
But, as more organisations adopt a hybrid cloud, multi-cloud or cloud computing strategy, how can they secure them and is it a priority? What cloud security providers solutions are out there?
Sophos
Hytrust
Cipher Cloud
Proofpoint
Netskope
Twistlock
Symantec
Fortinet
Cisco Cloud
Skyhigh Networks
vArmour
ZScaler
Palo Alto Networks
Qualys
CA Technologies
_______________________________________________
Feature
What are the threats that arise from adopting a cloud strategy?
Companies that adopt cloud solutions can release products quicker and achieve economies of scale at a faster rate than companies with traditional IT environments.
However, the shared nature of cloud also means that there is a increase in the number of threats organisations could face.
What everyone should know about cyber security in the cloud
The use of cloud is now a necessity, so security decision makers need to, first and foremost, understand cyber security in the cloud.
_______________________________________________
Feature
What to do when it comes to cloud security
Every business is an individual and has different security needs. However, there are widespread inconsistencies when it comes to their enterprise cloud security strategies. Essential reading if you want to find out how to implement a unified solution.
_______________________________________________
Feature
Benefits of cloud computing security tools for data storage
Companies adopting cloud computing can benefit from the array of security features and tools that are built in by service providers.
_______________________________________________
Industry case study
Top cloud security risks for healthcare
The healthcare industry stores more sensitive and personal data than perhaps any other sector, and increasingly these organisations store this data in the cloud. How can they ensure this is protected?
_______________________________________________
7. IoT security
More than half of the 45 billion IoT devices expected to be in use by 2023 will be implemented across businesses, cities and homes.
IoT will play, arguably, the most significant role in shaping the future of innovation through mass data collection helping power smart cities and facilitate business transformation. However, this successful transformation is dependent on dynamic security.
Over the last four years, failings in IoT security have caused widespread damage with DDoS attacks and the infamous Mirai botnet. As businesses and governments move forward, and rely more heavily on the Internet of Things, protecting it will become the great security challenge. Organisation’s will need to rethink their approach to data security and make heavy investments to meet IoT security requirements.
As a result, there are a number of IoT security solutions companies available for the enterprise:
ARM
Bayshore Networks
Cisco
Device Authority
Dell
Endian
Forescout Technologies
Gemalto
HPE
IBM
Infineon Technologies
Intel
Juniper
Kaspersky Labs
Lightcyber
Microsoft
Mocana
NXP
Palo Alto Networks
Risucre
Symantec
Thales e-Security
Utimaco
Venafi
Wurldtech
ZingBox
_______________________________________________
Feature
The Internet of Things: The security crisis of 2018?
As the use of IoT devices becomes more prevalent, it represents the greatest possibility of a security crisis across industries, with manufacturing particularly at risk as an early adopter of the technology.
_______________________________________________
Video
Securing the Internet of Things
Ofer Amitai, the co-founder and CEO of Portnox, discusses securing the Internet of Things in the BYOD era with Information Age:
_______________________________________________
Blog post
Securing networks in the IoT revolution
The issue facing IT professionals, CIOs and CTOs is not the number of unregulated IoT devices entering the workplace, but also the nature of the devices themselves — security needs to be improved in the design process.
_______________________________________________
Feature
UK Government sets cyber security guidelines for millions of IoT devices
The government is demanding new measures for manufacturers to boost cyber security in millions of internet connected devices. They need to be built with security in mind.
_______________________________________________
Advice
A complete guide to making life difficult for hardware hackers
Security needs to be considered throughout the design process of both software and hardware concerning IoT. With this in mind, more well-designed products will come to market, which protect both the vendors and their customers.
_______________________________________________
Advice
4 modern challenges for the Internet of Things
What challenges can CIOs and CTOs expect from securing the IoT? — IoT hardware design, low-power long-range communication, artificial intelligence integrated IoT and secure IoT.
_______________________________________________
8. Regulation’s effect on security
The regulatory landscape is becoming more and more complex. The General Data Protection Regulation has been followed by the California Consumer Privacy Act. Both these laws are reasonable at their a core — a response to the growing importance of data — but it is more stringent, and organisations that fail to comply by having ineffective security strategies have faced huge fines, and potentially irreversible reputational, customer and investor damage.
The importance of implementing an effective IT security strategy, instigated by the CIO and CTO, has never been more vital for businesses wanting to remain successful.
_______________________________________________
Feature
Global organisations are failing to invest in much-needed security ahead of GDPR
In order to comply with GDPR, organisations must invest in the right technologies to achieve an effective security strategy, but are they doing this? A lack of sufficient IT security protection and a lack of efficient data security are the biggest challenges to compliance efforts.
_______________________________________________
Feature
America’s GDPR: A guide for UK organisations on how to prepare for the CCPA
Jung-Kyu McCann, General Counsel at Druva, explores how UK organisations can prepare for America’s GDPR, better known as the CCPA.
_______________________________________________
Blog post
GDPR – Are your tech platforms secured for first contact?
How can businesses ensure their websites are secure from data leaks?
_______________________________________________
Blog post
Could the cyber threat landscape grow under GDPR?
Taking advantage of the more strict data protection law, hackers might attack organisations with more ferocity, using the regulation as leverage.
_______________________________________________
9. Government and security
The inception of the UK’s National Cyber Security Centre showed that the government is serious about defending against the growing threats posed by cyber attacks, and recognises the dangers this landscape poses to critical infrastructure, people and businesses.
The US government, as well, recognises the growing dangers of cyber attacks, and released in 2018 a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities.
To build a successful 21st century economy and society, the UK government needs a strong focus on cyber security, and has demonstrated its commitment to this.
_______________________________________________
Feature
When it comes to cyber security businesses must follow government’s lead
The UK government is taking clear action on cyber security, demonstrating its intention to lead in this area. Crucially, they have appointed named figures at the highest levels of government with accountability for cyber security — and businesses should follow suit.
_______________________________________________
Feature
Will investment in the UK’s cyber defence system make a difference?
Real progress will only be made if the organisations themselves start to prioritise cyber security and collaborate with the public sector.
_______________________________________________
Feature
Government response to tech skills gap: Cyber security and coding
In the face on increasing threats, a report from CWJobs found that only half of employers look for cyber security skills when recruiting new tech talent. More worryingly, perhaps, nearly a third of tech employees said they felt they were insufficiently trained in coding, cyber security and cloud migration. Read this to see how the government aims to tackle threats and address the security skills crisis.
_______________________________________________
10. Responding to the cyber security skills crisis
Critical to any successful IT security strategy is a capable workforce, but this is a challenge. How can businesses negotiate the cyber threat landscape amid a cyber security skills crisis?
One way of addressing the skills crisis focuses on improving levels of diversity within the technology industry, taking advantage of the whole population and not just 50%.
Getting more women in the tech space is crucial in addressing this skills gap. According to a report by ISC, the information security field will experience a 1.5 million deficit in professionals by 2020. Yet women, who could help to fill that gap, remain massively underrepresented — comprising just 10% of the global workforce. This can be improved, in part, by breaking down stereotypes, making STEM subjects more attractive and by highlighting female role models.
Collaboration between industry and government is also important in addressing the skills crisis, while providing an easier route in the cyber security space.
_______________________________________________
Feature
A guide to overcoming the skills crisis in the cyber security industry
Here is a detailed guide of how CIOs and CTOs can respond to the skills crisis, and create a workforce capable of carrying out an effective cyber security strategy. Read on to find out how.
_______________________________________________
Advice
Will blockchain solve the cyber security skills crisis?
For nearly six years, cyber security markets have struggled with near 0% unemployment leaving hundreds of thousands of positions vacant. According to Frost & Sullivan, by 2020 the number of empty security positions could grow to 1.8 million.
These stats contrast against the increasing number and severity of high profile hacks. Today’s $8.5 billion/year antivirus market is broken, with 70% of threats going undetected and cybercrime damages expected to double by 2021 and reach $6 trillion.
Mark Tonnesen, McAfee Antivirus CIO and SVP, believes blockchain could be the answer to the perpetual shortage of security talent. Cryptocurrency could be used to gamify bug bounty markets for white hat hackers.
_______________________________________________
Blog post
Restoring consumer trust with security
Major attacks like WannaCry and NotPetya caused consumers to lose faith in the brands and services they use. And security is increasingly becoming a valuable competitive differentiator for businesses in all sectors.