Security breaches reached an all-time high in 2017. The list of sophisticated, far-reaching breaches grew almost daily last year, and these breaches impacted millions of people globally. Security’s mission is to protect, detect, and respond. However, it’s remained the same for many facets of business, from payment systems to IoT Devices. The last 10 years has shown huge improvements in protecting and detecting, yet our response to security is one of the most neglected aspects when it comes to breaches. The complexity and volume of cyber-attacks will only increase in 2018, so how can you prepare? We consulted a ServiceNow expert to get their best predictions for 2018 security tips for the enterprise.
In his ServiceNow blog, Brendan O’Connor explains that security teams often struggle to quickly determine whether incidents are worth a response or not. Many organizations use dozens of different security tools that funnel huge amounts of signal onto the desks of security professionals. Analysts use spreadsheets and email to manage reacting to the signal, and the volume of alerts can result in professionals spending far too much time researching incidents.
“In 2018, we will see security Haves and Have-nots emerge between those that begin to automate this research portion of security response and those that don’t. Companies with the tools and culture to embrace automation, and put technology to work for real business enablement, will perform better than those that don’t,” O’Connor said.
Haves will be expected to report on security operations as a key part of their daily tasks. They’ll put scalable processes in place to measure progress. Automation will help better determine which systems to patch, and when. The beauty of this is that their security teams will be free from mundane and time-consuming manual research. They’ll have more time to focus on projects that will reinforce an organization’s security. This approach extends beyond just security; Automation is so effective that it becomes a rising tide that lifts all ships, operating in virtually all areas of business, according to O’Connor.
Security programs are, ultimately, about minimizing risk. To achieve this, security teams need to better articulate tradeoffs that will need to be made. They can do this by putting risk and consequences into business terms, bringing security into a business’s strategy.
According to O’Connor, “In the coming year, we will see CISOs do more to present their security concepts and programs in business terms. Talking about securing data is one thing, but demonstrating the value that security offers the business is something else. This will eventually apply to every aspect of the business, but most immediately applies to regulatory compliance, potential lost revenue, customer relationships, legal liability, competition, intellectual property, stockholder loyalty and brand protection.”
Boardrooms need to take a step toward security, and security professionals need to meet them there. Bridging the knowledge gap between leadership and security provides important framework that ensures effective security by helping all parties asses risks and decide how to mitigate them.
Want to learn more about how ServiceNow can improve your Cyber Security? Click here to speak to an expert for free.
There are two types of breaches: One impacts information, and one impacts physical security. The breaches that plagued organizations in 2017 were primarily informational breaches. While it is inconvenient, and potentially harmful to victim’s financial status, losing information does not impact the physical safety of breach victims. In 2018, it is predicted that breaches will impact victim’s physical, personal lives. Whether it’s a medical device, or a wearable, that is hacked and remotely controlled or an industrial IoT device, these items are vulnerable to security breaches.
On May 25, 218 the General Data Protection Regulation (GDPR) will go into effect. GDPR will provide a legal framework to strengthen and unify data protection and distribution for individuals within the European Union. “While the regulation will protect EU citizens, it will impact organizations worldwide – every company that serves a customer or employee in the EU – and businesses can be held responsible for the way they process, store, and protect personal data. The maximum penalty is a fine of 20 million Euros, or 4% of global annual revenue, whichever is greater. The EU may choose to make an example out of one of the first companies it penalizes, sending a message that GDPR is to be taken seriously,” O’Connor said.
Along with these predictions, security in 2018 will only continue to change and grow to adapt to different threats faced within the cyber world.