With less than two weeks to go until 2017, we’ve taken a look back at the past year in cyber security. In this post we discuss lessons learned from 2016, and what these developments mean for security professionals and the whole industry in 2017.
In short, what we’re seeing is that cyber security never stops. And it is exactly what makes cyber security so endlessly interesting and ruthlessly challenging all at once. To effectively predict, prevent, detect and respond to attacks, organizations must treat cyber security like a proactive process of continuous improvement – one that takes a holistic approach to cyber security:
- It takes man and machine to win.
Attackers combine people, process and technology to get past your defences. You need the same thing – the right combination of people, process and technology to fend them off.
- Local and industry-specific expertise matters.
It takes a very different approach to cyber security to protect a global brand’s intellectual property than it does to enforce security in aviation, or to secure online payments.
Equally, cyber security practices and regulations differ between regions. For example, companies in the EU are busy preparing for EU’s General Data Protection Regulation that will enter into force in May 2018.
- You cannot ignore the latest threat intelligence.
Keeping up with the latest threat intelligence can be a struggle. Applying it across the cyber security operation can be even tougher. But it’s a vital foundation for constantly improving your defenses. For more detailed tips on how to effectively predict the threat landscape, we recommend you to watch this webinar.
- Cyber security must be agile.
Attackers can pivot in an instant, seizing new opportunities the moment they open up. To stay ahead of them, you need to be able to predict threats, prevent the vast majority of them, detect attacks when they do happen, and respond quickly and appropriately if you’ve been breached. The 360 degree approach to cyber security will still remain valid in 2017.
- A distributed attack surface calls for distributed security.
Today’s mobile workforces depend on constant access to data and services through an ever-growing array of devices. It’s important to prioritize a centralized view of every endpoint in your networks. In addition, patching vulnerabilities is one of the most important measures you can take to prevent attacks. It’s low-hanging fruit and it gets the job done.
- Compliance is table stakes.
Most large companies will be compliant with regulations, but it hasn’t prevented them from being breached. Regulations are an important starting point for cyber security. But cyber attackers move faster than regulators do. So a relentlessly proactive approach to cyber security is essential.
- You’re never done.
If you take one thing away from this post, it is this: in cyber security, you’re never done. Your attackers will never relent. So your cyber security operation can never relent. You need a proactive process that’s designed to continuously improve and adapt. Only then can you effectively predict, prevent, detect and respond to incidents.