NOVA has an article out that claims the internet is making us less secure due to all of the hacks we’ve undergone in 2017 and will continue to be subject to in the coming year. 

In most cases we were never entirely secure to begin with, but we are seeing progress in many areas. In my humble opinion, the things that still need improving in 2018 include (generalizations from my point of view, of course):

– Improving the role, focus, scope and reporting structure of the CISO.

– Encryption needs to be deployed to 100% of the enterprise.

– Two-Factor Authentication (2FA) needs to become the norm for both professional and personal logins.

– Increased use of password managers to allow for highly complex passwords (I purposely don't even know most of my passwords, so there is no opportunity for reusing them, making them easy to remember or writing them down).

– Backups. No organization should be subject to the embarrassing, time-consuming and avoidable effects of ransomware. Build architectures that provide offline, out-of-band backups that are consistently validated (test restores, not just successful backup jobs) to allow for near-real-time recovery.

– Identification of where the organization's most critical data is: meta-tag it, put policies around it, then deploy Data Loss Prevention (DLP), Host Intrusion Prevention (HIPS) and related tools to increase the security and privacy around access to and use of that data.

– An additional, synchronized defense-in-depth security strategy that provides layers from the perimeter to the network, the endpoint and the server (and the cloud portion of the architecture where applicable). It is better to have a cohesive strategy that closes the gaps, even if each component isn't the best of its product line, than a best-of-breed suite of tools that don't function well together... Perfection is the enemy of good...


2018 will likely bring us a ramped-up threat landscape. As we go back into the office re-energized and ready for the new year, we need to use this time to prepare and justify our security posture expenditures, both the financial ones and those that require non-monetary resources.

Identify the gaps, prioritize the responses and align them with budgets. For those items that are free or within budget, there's no time like the present to "get 'er done". For those that require unallocated funds, put together a solid justification first, then don't be afraid to ask. Depending upon your organizational culture, you may also want to get everything in writing, regardless of the outcome of your discussions.
