The Single Most Important Thing You Can do to Improve Cyber-Security in 2014

According to a reports released by the Information Security Forum and ISACA, cyber-security will continue to be a critical issue for businesses in 2014. Key threats include bring your own device (BYOD) trends, data proliferation, as well as privacy and regulation.

Security implications of BYOD

Unsecured personal devices can introduce a lot of potential security challenges. One of the big concerns is accidental disclosure due to information being held in an unprotected manner on consumer devices. Due to the inherently less secure configurations of personal devices and increasingly sophisticated mobile malware, external manipulation of software vulnerabilities is a real threat. With our customers we have witnessed a focus on deploying business applications to devices in a more secure fashion. If they don’t have one already, companies need to start working on a policy governing connected devices.

Data proliferation

A huge amount of corporate and personal data is proving difficult to secure. Big data represents a significant security challenge on multiple levels, which even extends to the tools that are being used to address cyber-security. With data residing in separate silos IT Security Analysts cannot see the forest for the trees. A conscious effort needs to be made to eliminate excess data and consolidate what remains using better security controls.

Privacy and Regulation

Many of our customers operate in highly regulated industries where they are required to safeguard Personally Identifiable Information (PII) as well as sensitive corporate data. Organizations need to treat privacy as both a compliance and business risk issue. In our experience, this is a challenge that extends well beyond just the IT security department. Companies will need to invest in security in order to tackle the uptick in regulatory requirements and the relentless advances in technology. It is also increasingly common for cyber-security programs to include participation by groups spanning operations, legal, HR, and executive management.

Recommendations

Staying abreast of the threats will be no easy task. Many investments in cyber-security continue to address discrete security problems in reaction to specific malicious attacks. Our philosophy at NopSec is that that proactively reducing risk can complement and enable business objectives. That requires that security become part and parcel of every aspect of how an enterprise operates. Often that begins by investing in risk analysis and constructing better metrics. So what is the single most important thing you can do to improve cyber-security in 2014? Download the Best Practices Guide: Vulnerability Management and take the first step toward less cyber-security risk and a more secure IT environment.