Data breaches hit an all-time high in 2019, with an estimated 8.5 billion records exposed in more than 5,000 reported breaches. It may not get any better in 2020 as organizations encounter increasingly sophisticated threats while dealing with chronically short-staffed IT security teams.
A recent Forbes Insights survey of chief information security officers (CISOs) paints a bleak picture. Some 84 percent say the risks of cyberattacks are increasing, and almost a quarter say they believe the capabilities of attackers are outpacing their ability to defend their organization. CISOs say they simply don’t have enough time, money or people to keep up.
There is reason for optimism, however. Artificial intelligence and machine learning are creating dramatic improvements in threat detection and mitigation technologies. Improved information-sharing in the public and private sectors is enabling new levels of coordination and cooperation. Increased awareness and support of C-level executives is generating increases in security budgets.
Cisco recently polled several security industry leaders to identify specific ways organizations can improve their security posture in 2020. Here are six of their suggestions:
Balance humans and machines. Automated security solutions that leverage AI and machine learning are becoming a critical necessity as organizations support more complex networks, increasing numbers of computing devices and the massive amount of data they generate. Trying to secure it all against rapidly evolving threats exceeds human capabilities. While automated systems can handle a good deal of the tedious work, organizations still need skilled people who can establish policies, evaluate data and make good decisions.
Find talent in unexpected places. Nearly two-thirds organizations worldwide report a shortage of skilled or experienced security personnel. Organizations must find new ways to bring in talent. In addition to standard recruiting practices, companies should launch training programs to develop in-house talent. Partnering with a qualified managed services provider (MSP) can also provide access to needed resources and expertise.
Get the board up to speed. Security teams need the support of C-level executives to create organization-wide improvements. To gain that support, IT pros must be able to explain the threat landscape without using jargon. Executives need to clearly understand how threats will affect business outcomes.
Prepare for the inevitable. All organizations should develop detailed incident response plans, remediation plans and disaster recovery plans. However, these plans must be regularly monitored and tested for gaps or weaknesses. The testing process also serves as valuable training for team members and managers.
Know your network. Organizations often don’t learn they’ve been breached until the damage has already been done. Advanced persistent threats, polymorphic malware and other stealthy exploits sometimes go undetected for weeks or months. A platform approach to networking coupled with tightly integrated security tools provides the visibility, data sharing and automation need to identify and mitigate threats.
Consider compliance an advantage. Although regulatory compliance efforts almost always require significant time and resources, this shouldn’t be viewed as a burden — it also presents opportunities to improve operations. Improved data security reduces the risk of a breach, protects valuable data and diminishes the chance of financial losses from fines and remediation costs. Data security also improves an organization’s reputation and boosts customer relationships.
As the threat landscape evolves, organizations must be prepared to adjust their tactics, policies and solutions to meet the challenge. Verteks has invested in the people, skills and tools necessary to help customers implement advanced security measures. Give us a call to discuss how we can help you boost your cybersecurity posture.