
New Year’s Resolution: Return to Cyber Security Essentials

When it Comes to Information Security, 100 Percent Protection is Unattainable


As we enter 2018, it is a good time to reflect on what happened in cyber security last year. The lessons of the past 12 months can help us set a clear path for minimizing the risk of succumbing to data breaches in the New Year. In 2017, the news headlines were dominated by global ransomware attacks such as WannaCry and NotPetya, a growing number of new vulnerabilities (e.g., KRACK, WordPress, ROCA), and massive breaches such as those at Verizon, Equifax, and Uber. Considering the scale and sophistication of these attacks, many organizations need to revisit their security strategies in order to limit their exposure to cyber threats in 2018.

According to Gartner, worldwide security spending will reach $96 billion in 2018, up 8% from the 2017 spend of $89 billion. Meanwhile, we’re experiencing a continuous increase in security incidents, which raises doubts about the effectiveness of these investments. When conducting post-mortem analysis of the data breaches that occurred in 2017, it becomes apparent that many of these big breaches can be attributed to a longstanding failure to implement basic cyber security measures (e.g., multi-factor authentication), botched usage of existing security tools to streamline the mitigation of known vulnerabilities, and a lack of security measures for protecting sensitive data.

Instead of earmarking security investments for bolstering traditional perimeter defenses, which is a losing battle, organizations need to return to the essentials of cyber security. In doing so, they can improve their security posture and limit exposure to data breaches. Focusing on the following three areas will provide the greatest return on security investments in 2018.

Data Integrity

Undeniably, data is the prime target for attackers. Therefore, protecting data so it cannot be exfiltrated or modified makes preventing network breaches less critical. Unfortunately, data is often left unsecured. For example, a quick web search for “data breach and unencrypted data” produces thousands of results that illustrate how many organizations fail to protect the integrity of their data and don’t even encrypt sensitive information.

The first step to assure data integrity is to classify data into categories that reflect the business need to protect them, such as “public”, “internal use”, “confidential”, and “top secret”. Unfortunately, data classification is often abandoned due to the manual effort required to maintain an up-to-date inventory amid the constantly changing nature of information. However, some cyber risk management systems provide dynamic grouping with drag-and-drop capabilities that can automate the realignment of data classifications and propagate changes to all associated nodes.

Data classification will subsequently determine what data should be encrypted, which typically applies to all personally identifiable information (PII). Innovations in encryption technology over the past few years have eliminated many of the previous performance and deployment roadblocks. Organizations should place special emphasis on developing well-documented and implemented encryption policies for protecting sensitive data, wherever it resides and however it is transmitted.

Identity Management

Access control is the Achilles heel of many security programs, since practitioners must balance data availability with measures that prevent unauthorized usage (e.g., theft, disclosure, modification, destruction). Meanwhile, hackers often target privileged users since their accounts provide a beachhead into the entire network. Therefore, strict enforcement of well-defined access control policies and continuous monitoring of access paths to ensure they are working as intended are essential for the success of data integrity initiatives.

As part of a modern identity management model, organizations should consider transitioning to a Zero Trust model that operationalizes the “never trust, always verify” principle. With Zero Trust there is no default trust for any entity, including users, devices, applications, and packets.

Risk-Based Prioritization 

Effective prioritization of vulnerabilities and incidents is essential to staying ahead of attackers.

While security monitoring generates big data, in its raw form it remains only a means to an end. Ultimately, information security decision making should be based on prioritized, actionable insight derived from the data. To achieve this, internal security data needs to be correlated with its business criticality and external threat intelligence to derive the real risk exposure to the organization. Without a risk-based approach to security, organizations can waste valuable IT resources mitigating vulnerabilities that in reality pose little or no threat to the business.
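The correlation described above, sketched as an added example that is not part of the original article: scanner severity is weighted by the asset's business criticality and by external threat intelligence before ranking. The host names, finding IDs, weights and scoring formula are constructed assumptions, not a standard.

```python
from dataclasses import dataclass

# Constructed sample data. Criticality: 1 (low) to 5 (most critical).
ASSET_CRITICALITY = {"hr-db-01": 5, "web-prod-02": 4, "test-lab-07": 1}

# Stand-in for an external threat intelligence feed: findings with known exploitation.
EXPLOITED_IN_WILD = {"FINDING-B", "FINDING-D"}


@dataclass(frozen=True)
class Finding:
    finding_id: str       # placeholder ID, not a real CVE
    host: str
    severity: float       # scanner base severity, 0-10
    internet_facing: bool


FINDINGS = [
    Finding("FINDING-A", "test-lab-07", 9.8, False),
    Finding("FINDING-B", "hr-db-01", 7.5, False),
    Finding("FINDING-C", "web-prod-02", 6.1, True),
    Finding("FINDING-D", "test-lab-07", 8.8, False),
]


def risk_score(f: Finding) -> float:
    """Hypothetical score: severity scaled by business and threat context."""
    # An unclassified asset is treated as most critical until someone classifies it.
    criticality = ASSET_CRITICALITY.get(f.host, 5)
    score = f.severity * (criticality / 5)
    if f.finding_id in EXPLOITED_IN_WILD:
        score *= 2.0      # assumed weight for known exploitation
    if f.internet_facing:
        score *= 1.5      # assumed weight for exposure
    return round(score, 2)


def rank_by_severity(findings):
    """Baseline: what a raw scanner report puts first."""
    return [f.finding_id for f in sorted(findings, key=lambda f: f.severity, reverse=True)]


def rank_by_risk(findings):
    """Risk-based order after correlating with criticality and threat intel."""
    return [f.finding_id for f in sorted(findings, key=risk_score, reverse=True)]


if __name__ == "__main__":
    print("by severity:", rank_by_severity(FINDINGS))
    print("by risk:    ", rank_by_risk(FINDINGS))
```

The highest-severity finding sits on a low-criticality lab host and drops to last place, while the exploited finding on the HR database moves to the top.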

When it comes to information security, 100 percent protection is unattainable. However, by supplementing traditional perimeter defense mechanisms with data integrity, identity management, and risk-based prioritization principles, organizations can significantly reduce their exposure to Uber-scale data breaches in 2018.

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
