SecurityWeek

Four Cybersecurity Resolutions for 2017

2016 was a big year for cybersecurity news, most of it not terribly encouraging. Still, the year did present the cybersecurity industry with several teachable moments that I believe all security professionals should heed as we move into a new year. Accordingly, I’ve made four New Year’s resolutions for the cybersecurity industry in 2017. If any of these items are not on your “to do” list for 2017, I would challenge you to add them.

1. Move Beyond Passwords

I touched on this topic in my previous column, but it’s an important problem that has resolutions available today, so it’s worth repeating. It’s time to stop using the username/password model for identity authentication. The pitfalls of passwords are very familiar to security professionals: Users employ the same username/password combination for all of their accounts, meaning that once hackers have it, they can potentially access all of a user’s accounts. And thanks to many successful attacks, stolen usernames and passwords are readily available online. There are alternative ID verification methods, like multifactor authentication and biometrics, already being used throughout the digital ecosystem; so let’s collectively resolve to put the insecurity and frustration of usernames and passwords behind us in 2017.

2. Make Sure the Security and Management Teams Understand Each Other

Explaining this one requires a quick hypothetical (though common in cybersecurity) situation. Asked by his CEO to provide a “state of the union” report on the company’s network security, a CSO develops a report that, in the interest of being thorough and minimizing his exposure, exhaustively captures every potential vulnerability. He shares it with the CEO, who can’t make sense of it. Why? Because the CSO hasn’t provided the information and context necessary to make business decisions about cybersecurity. Could all of the threats listed actually have a material impact on the business? Do they all require immediate attention or a significant spend to fix? Do they even need to be addressed? This is the kind of information the CEO and board need in order to make decisions about cybersecurity that could affect other departments in the organization. If you’re in cybersecurity and have previously created some sort of status update about your network’s security posture, go back and read it again; but this time, read it as if you were a layman or non-technical executive. If the report doesn’t give you a clear understanding of where network security is today, where it needs to be tomorrow, and what it will take to get there, you need to adjust the way you present your findings to better suit your audience.

3. Join a Threat Intelligence Sharing Group 

The surge in cyberattacks in recent years has led to a tsunami of threat intelligence data that leaves most security organizations struggling just to keep up with the number of inbound threat alerts, let alone analyze them to identify the significance of their threat to the network. The only reasonable way to handle this much data is to automate the process of identifying threats, determining the proper fix and then implementing it. And to automate this process, the cybersecurity industry needs to work collectively and share the workload of analyzing threats and developing appropriate countermeasures. There are many methods for sharing threat intelligence, be they the ad hoc sharing of threat data between industry colleagues or a company officially joining an organized industry consortium devoted to threat intelligence sharing, like the Cyber Threat Alliance. I’ll leave it to the reader to determine which approach makes sense for your organization, but this kind of collaborative effort is vital as the cybersecurity industry works to make our digital way of life secure and reliable.

4. Be Kind to Your Level 1 SOC Operator

One of those overlooked but vital professions, the level one SOC operator, is literally on the front lines of the ongoing war between black and white hats in cyberspace. They are responsible for identifying and mediating cyberattacks before they occur, and, in the case of a successful cyberattack, they are the first to receive blame for it. If that pressure weren’t enough, they’re also the security team members tasked with managing the threat data tsunami I described above. So the next time you see your favorite SOC operator, take a moment to tell him or her how much you appreciate their team’s work and how important it is to the ongoing success of your organization.

See you all back here in 2017!
