Today’s cyber thieves are not just going after Fortune 500 companies, they’re moving down market to organizations that have information of value and are less likely to be formidable against these threats. Not only that, but this valuable information/data is overspilling server rooms and collecting in larger, caged off, and practically unmanned cloud datacenters. Keeping data private and protected has become more complex and requires more elasticity.
PII will continue to be the high value data bad guys target. You should consider yourself a target if you maintain any personal and/or financial information on your customers – even if you’re a medium-sized company. Healthcare, government, and financial sectors better be ready.
There are no more excuses for unencrypted endpoints – and everyone knows it. Organizations will make the last push to fully leverage content management and “intelligent” encryption with partner networks and customers. This is the year to take that out of the user’s hands once and for all. Encrypt everything at-rest and in-motion (anything to you or your customers).
What DLP solution did you implement? How far did you actually take DLP operationally? How has your RROT plan come together? This year, many organizations will be re-assessing their DLP initiatives, making sure key areas of risk are being addressed. It’s important to get the most out of the detection technology but also to get further down the lifecycle of risk reduction, taking incident response and workflows to the next level. As O365 gains more adoption it’s provoking the reevaluation of the entire initiative.
Hopefully your Data Loss Prevention initiative taught you how people were, not only using and sharing information assets but, how those assets are being accessed. Companies will take TFA beyond VPN and into web and mobile apps. Public Key Infrastructure (mPKI) is also tan, rested, and ready.
The network security players are running to the endpoint and the endpoint companies are grabbing at layer three. You can no longer debate endpoint vs. network when considering today’s advanced attacks, you need to correlate between them. While you’re at it, toss email in there, shake it up, and sort it out on the table in order to identify, prioritize, and remediate advanced threats.
If your organization has been compromised by a focused and skilled attack, detecting east/west movement and preventing privilege escalation is your last chance to interrupt the heist. Taking a baseline approach to your network, applications and users will take some effort but could turn the tables on truly defending against malicious activity.
While we still believe the “best-in-class” should still be a priority for certain tools. A debate is rising over whether or not Endpoint AV needs to be best-of-breed, or can you take what’s free with your Enterprise Agreement. Reputation and behavior are the new minimums with intelligence networks becoming the new truth behind all of the noise in how we analyze and prioritize today’s threats. Security Monitoring is expected to grow in 2016 due to the need for correlated intelligence behind the tools themselves. If your on-prem SIEM solution isn’t showing you anything worthy today, it’s not looking for the right things.
Security Awareness will see an earnest investment this year, but it is rather late given how much ransomeware and advanced attacks have come from phishing emails. Educate your users, but also use technology and intelligence to backup your attempts to create a culture of security.
Many organizations will relinquish responsibility for the modernization and management of enterprise malware. More mid-sized companies will outsource endpoint and perimeter security management and ITSEC will focus on remediation and response. Organizations that are moving to AWS or Azure, will get a chance to do it gearlessly.