2016 Cyber Security Threat Predictions and Why Nutrient-Extracting Blenders Still aren’t the Answer
NNT review and discuss the range of Cyber Security Threats predicted by analysts and vendors and present a Top Ten of Cyber Security Safety Measures. Drinking kale and beetroot smoothies isn’t one of them, but to find out why not, and to see what did make the list, read on…
“To begin with we consulted a number of expert sources. As with many of these prescient type reports, conjecture and guesswork certainly play their part. That said there is enough fact based on current trends and previously observed activity to take all this very seriously indeed.”
NNT Summary of 2016 Cyber Security Threat Predictions
- The field of attack is broadening as new lucrative and disruptive targets are identified, and those with a cause to promote seek to enter the arena
- Organized crime will join the cyber-crime movement as it ceases to be the sole domain of the specialist hacker. $17k quick and easy ‘Hack for Cash’ at LA Presbyterian Medical Center combined with the prevalence of Malware on the Black-market makes cyber-crime suddenly accessible and attractive to common-all-garden crooks
- Apathy (it won’t happen to us) and cost will remain the two major blocks to Corporate and Government Cyber Security
- The litigators are circling! The stakes are going to be raised as more lawsuits are brought for damages relating to the loss of personal identifiable information
The Typical Mistakes Made by Most IT Teams and Why Corporate Cyber Security fails
So we all get sold on the need for Cyber Security defense measures and there is plenty of FUD (fear, uncertainty, and doubt) used to amplify the urgency and acuteness of the need.
The difficulty when determining the right Cyber Security strategy for your organization and in turn which technologies and products to use is not too dissimilar to assessing the market choices for keeping your body fit and healthy.
Many vendors try to say that they can deal with all known threats to the enterprise when actually, just like your personal health, it just isn’t as simple as that. Cyber Security takes many forms and the range and nature of the threat are so varied that there just isn’t any getting away from the fact that it will require a multi-faceted solution.
But – it’s easy to be tempted by the pitch! A sexy looking security appliance with a slick GUI is very tempting. And if it really can capture and defeat APTs, stop Phishing attacks and malware, block and alert on insider threats, hacktivism and rogue employees, while also protecting your IT from ransomware and government-sponsored/ blue chip espionage, then all your problems would be solved.
Likewise, if you really could lose weight, build a six pack and get marathon-beating stamina from drinking a kale and Persian cucumber milkshake, we would all do it. And of course, an anti-oxidant rich cocktail of vitamins and nutrients probably will help in some way, but it isn’t going to get everyone losing weight and getting fit. In fact, most would give it up and go back to bad habits.
Which brings us back to Cyber Security – it’s also a 24/7 discipline and requires a combination of technical measures, procedures, and working practices to maintain solid defenses.
It’s precisely for this reason that organizations get breached and will continue to get breached unless Cyber Security mindset becomes second nature for all employees.
So, in the meantime, what should you be focusing on? Here’s a quick summary – there are more comprehensive security policies, standards and guidelines out there – see the PCI DSS (Version 3.2 is almost here) or any of the other standards I showed earlier like NERC CIP, NIST 800-53 etc. There are also generic policies, like the SANS Top 20 or the CIS Security Policy that are freely available.
Top Ten Cyber Security Tips
- Mitigate Vulnerabilities
- Firewall or better, IPS
- System Integrity Monitoring
- Change Control – augmented with Threat Intelligence
- Promote and enforce an IT Security Policy
- Finally - Don’t be too thrown off course by the latest ‘must-haves’
Final words: Get your technology right for the general, everyday security before investing too much time and money into the latest ‘hot’ product.